- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
Unexpect single port disconnection from PA-220
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Unexpect single port disconnection from PA-220
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Unexpect single port disconnection from PA-220
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-27-2018 12:47 AM
My client's PA 220 cannot reach to his gateway. However, after he has reboot his PA, the connection is back, but only for few hours long! No matter how I have add the MAC address and troubshoot the problem of the system. I have checked both port on therouter and the port on the PA. I have added the MAC address on the ethernet port. I have even chnaged the port. It doesn't contunuse its connection. I have opened this case for the Paloalto support team, but the support, in his first time support, also thought it's the client's router's problem, but it seems that it might not be the issue there.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-27-2018 10:36 AM
Does the firewall actually see the port drop, or do you simply lose internet traffic? Is the connection using a static IP or is it using DHCP or PPPoE?
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-28-2018 01:21 AM
1. I pinged the gateway but the gateway didn't respond, and the ethernet is up. In addtion, I cannot even ping the same domain ip addresses. I have tried to change the port, but it occurs the same problem.
2. The port is static IP.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-28-2018 09:58 AM
Remove static arp entry.
> clear arp ethernet1/5
And use same command to ping.
> show arp ethernet 1/5
Do you see arp entry for .89?
ACE, PCNSE, PCNSI
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-28-2018 05:34 PM
I have done what you told me, but it's still not able to reach 61.154.70.89
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-28-2018 07:05 PM
(incomplete) means that Palo can't resolve ip to mac address.
You claim that afrer reboot it does and then stops after a while?
What about just disconnecting ethernet1/5 and plugging it back?
Connect patch cable from ethernet1/5 to your laptop.
Start Wireshark on your laptop.
Run ping command.
If packets go out from Palo ethernet1/5 then Wireshark should show arp requests where Palo is trying to resolve 61.154.70.89 to mac address.
If you see those arp requests then issue most likely at ISP side.
ACE, PCNSE, PCNSI
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-28-2018 08:12 PM
Yes, after last time reboot, the ethernet 1/5 was able to reach the 70.89 port again, but only for few hours.
The client said they have tried to ping the 70.90 port on PA with the laptop, but the PA port didn't reply the ping request.
The 70.89 port on the router responded the ping request.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-29-2018 06:52 AM
The PA by default wouldn't respond to a Ping request, you would have needed to enable this on the interface management profile. The wireshark capture as mentioned by @Raido_Rattameister will tell you if the PA is attempting to send the ARP request or not, or if the router isn't responding to an ARP request.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-29-2018 05:05 PM
It's already enabled.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
02-02-2021 06:35 PM
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
