virtual wire default-vwire is missing one or more interfaces

Reply
Highlighted
L0 Member

virtual wire default-vwire is missing one or more interfaces

Hello,

 

I'm new to Palo Alto firewalls but I need to know it for work purposes.

 

I am currently working on a Palo Alto PA-220 Firewall. I'm at the very beginning stages of this configuration. 

 

I keep getting an error message everytime I try to configure my first internal LAN port (ethernet1/2). This happens after I click the "commit" button. Please point me in the right direction. 

Commit Error.JPG

Highlighted
Cyber Elite

Hi @finsfree

 

Delete the default vwire and reset ethernet1/1 to default config. Then you should be good to go for the commit.

Highlighted
L0 Member

I did deleted the default vwire. I'm not exactly sure how to reset ethernet1/1 to default. Just with me deleting the default vwire this is the error message I am getting after the "commit" (see image).

 

Basically, I would like to have ethernet1/1 be a DHCP client to my ISP and ethernet1/2 be my LAN port with an IP address 10.0.0.1.

 

Commit Error2.JPGInterfaces.JPG

Highlighted
Cyber Elite

You did delete the vwire from here right?

Screenshot_20181029-002427_Chrome.jpg

 

And here are some links that might also help you to get started with your PA-220: https://live.paloaltonetworks.com/t5/Community-Blog/Getting-Started-The-Palo-Alto-Networks-Firewall-...

Highlighted
L0 Member

I got it working kind of....

 

I'm getting a better understanding of this firewall now.

 

The part I am stuck on now is getting the 2 port to talk to each other. I mean I can't get out to the internet yet.

 

My setup:

  • ethernet1/1 WAN is a DHCP Client to my ISP
  • ethernet1/2 is my LAN 10.0.0.1 (also my DHCP Server 10.0.0.50 - 10.0.0.100/24)

I'm picking up an IP address from my ISP on ethernet1/1. I can also get an IP address when I plug a PC into ethernet1/2, but I'm not able to reach the internet yet. 

Highlighted
Cyber Elite

Hi @khampshire

 

The link that I wrote in my previous post may really be something for you with the getting started series.

 

I assume you need to do at least parts of the following:

  • Create a virtual router
  • Add your two interfaces to the virtual router
  • Add a dynamic ip and port NAT rule to hide the outgoing traffic behind your public IP that you received by DHCP by your ISP
  • Add a security policy rule that allows outgoing traffic
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!