
I am not sure about later Palo Alto models, but on mine at least, the dedicated management interface does not support VLAN tagging. You must connect it to an access switch port. Generally, you want the management interface on a separate subnet, accessible only from specific devices, though I don't believe it will cause any specific errors if it is on the same subnet as the internal Trust zone.

 

One thing to make sure of, though, is that the HA data and management ports are on a completely separate network, and that there are no explicit routes over the data or management interfaces to the same IP ranges.
