We have the setup as shown below,
In this scenario, the Layer 2 switch (2960) is showing the MAC address of the Exchange server learnt through switch interface Gi 0/1, which connects to the PAN firewall in V-wire mode to an ASA.
We connected the PA directly to the core switch and made a static MAC address entry in the switch for the port where the Exchange server is connected. Now it is working.
But we need a permanent fix and the reason why Palo Alto is doing this. 😞 We have more info after the snap below.
Troubleshoot an issue seen with connectivity to the Exchange server cluster IP 172.16.12.190 from any of the remote locations. When the issue occurred, we could notice that the Layer 2 switch was showing the MAC of the end host learnt through switch interface Gi 0/1, which connects to the PAN firewall in V-wire mode to an ASA. Though the traffic path for reaching this server does not involve the PAN V-wire, when the issue occurred, the flow shows at the receive stage in the PAN packet capture and traffic logs. The issue is not seen when the PAN V-wire is removed from the connectivity.