- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-01-2014 04:21 AM
Dear Friends,
I have 2 interfaces in PAN->lan zone and internet zone
ISP router-huawei mac is not learned in palo alto firewall..As a result, Internet not working
But when i add static ARP entry for huawei router in ISP interface, Internet is working fine.
Please suggest to me.Thanks
Regards
Satish
09-01-2014 04:36 AM
Hi Satish
could you share parts of your config? especially interesting is the configuration of the interfaces and the virtual router + the output of > show routing route and > show arp all
one thing that comes to mind is taht there could be a subnet mismatch between the interface and the IP of the default gateway eg if: 10.0.0.1/25 dg: 10.0.0.254 , this could cause such issue
09-01-2014 04:46 AM
Hi Tpiens,
Thanks for your reply but i have done the following things:
Disable/delete Source-Nat dynamic and port translated address Policy
Clear session
Ping source internet ip host 4.2.2.2
Then check all of the possible issues noted in this document: https://live.paloaltonetworks.com/docs/DOC-7571
I can't able to findout why it happen...Please suggest.
09-01-2014 04:47 AM
Hi Ajbool,
Thanks for reply but both device config is same.
Regards
Satish
09-01-2014 05:07 AM
Hi Satish
can you get the output of:
> show routing route
> show interface all
> show arp all
09-01-2014 05:16 AM
Hello Satish,
Try to find out 2 possibilities here.
1-- PAN is sending the ARP request, but the ISP router is not responding back. You can take a packet capture on the PAN firewall. Ref DOC: How To Capture ARP Packets on an Interface
2-- PAN FW itself is not sending the ARP broadcast mesage. In this situation, you can forecefully send a Gratuitous ARP (GARP) message to update an ARP table of the ISP routers ARP table. Ref DOC: Trigger a Gratuitous ARP (GARP) from a Palo Alto Networks Device
Hope this helps.
Thanks
09-01-2014 05:27 AM
Thanks Dud.. Let me check and i will come back to you. Regards Satish
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!