virtual wire default-vwire is missing one or more interfaces

cancel
Showing results for 
Search instead for 
Did you mean: 

virtual wire default-vwire is missing one or more interfaces

L0 Member

Hello,

 

I'm new to Palo Alto firewalls but I need to know it for work purposes.

 

I am currently working on a Palo Alto PA-220 Firewall. I'm at the very beginning stages of this configuration. 

 

I keep getting an error message everytime I try to configure my first internal LAN port (ethernet1/2). This happens after I click the "commit" button. Please point me in the right direction. 

Commit Error.JPG

6 REPLIES 6

Cyber Elite
Cyber Elite

Hi @finsfree

 

Delete the default vwire and reset ethernet1/1 to default config. Then you should be good to go for the commit.

I did deleted the default vwire. I'm not exactly sure how to reset ethernet1/1 to default. Just with me deleting the default vwire this is the error message I am getting after the "commit" (see image).

 

Basically, I would like to have ethernet1/1 be a DHCP client to my ISP and ethernet1/2 be my LAN port with an IP address 10.0.0.1.

 

Commit Error2.JPGInterfaces.JPG

You did delete the vwire from here right?

Screenshot_20181029-002427_Chrome.jpg

 

And here are some links that might also help you to get started with your PA-220: https://live.paloaltonetworks.com/t5/Community-Blog/Getting-Started-The-Palo-Alto-Networks-Firewall-...

I got it working kind of....

 

I'm getting a better understanding of this firewall now.

 

The part I am stuck on now is getting the 2 port to talk to each other. I mean I can't get out to the internet yet.

 

My setup:

  • ethernet1/1 WAN is a DHCP Client to my ISP
  • ethernet1/2 is my LAN 10.0.0.1 (also my DHCP Server 10.0.0.50 - 10.0.0.100/24)

I'm picking up an IP address from my ISP on ethernet1/1. I can also get an IP address when I plug a PC into ethernet1/2, but I'm not able to reach the internet yet. 

Hi @khampshire

 

The link that I wrote in my previous post may really be something for you with the getting started series.

 

I assume you need to do at least parts of the following:

  • Create a virtual router
  • Add your two interfaces to the virtual router
  • Add a dynamic ip and port NAT rule to hide the outgoing traffic behind your public IP that you received by DHCP by your ISP
  • Add a security policy rule that allows outgoing traffic

If you delete Interface ethernet1/1 and ethernet1/2 that defaults the config for each of them.  If you do that plus delete the vWire, then I was able to push template configs from panorama over the interfaces that used to be in the vwire.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!