08-20-2014 12:15 PM
We are trying to set up a VM-100 as the entry point to a virtual data center. We have run into an issue with the MAC addresses on the VM device not matching the MAC addresses on the Palo interfaces. We appear to be stuck at this point. Apparently it is not possible to change the MAC addresses inside the Palo. We approached the cloud provider about changing the MAC on their end, and were told:
Because of vCloud limitations... the MAC that must be used both at the vCloud layer and at the Palo Alto layer must be a VMware MAC.
Has anyone else attempted this type of setup? Any thoughts or suggestions? The only suggestion put forward by both the cloud provider and Palo Support was to enable promiscuous mode, which is not an option for us.
08-21-2014 10:17 AM
PANW-VM can work in following combination.
1. Enable Promiscous mode and also MAC address Change for that interface.
2. Disable Promiscuous mode and hardcode PANW-VM MAC addresses on ESXi
Bottom line is you can never change MAC address of the VM.
In this scenario I dont see any solution.
08-25-2014 12:00 PM
As the MAC cannot be changed in the VM, and it also cannot be changed in vCloud, we have no choice other than to abandon this effort. It looks like we will have to use a firewall from another vendor.
08-25-2014 12:02 PM
I would suggest to contact Sales Engineer for the account. They are master in Deployment, he should be able to provide some work around.
Have a word with him, and let me know for additional query.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!