So, I am new to Palo Alto firewalls and have had an interesting time getting to know their functions. I have a question that I have not been able to find the answer to, regarding HA path monitoring setup, specifically with a virtual router. Albeit, I have only been looking for a few days.

According to my understanding, when you set up path monitoring and you choose "virtual-router" for the type, there is no option to specify a source interface or IP. This is because it uses the virtual-router’s routing table to get to the destination in your path monitoring group. However, every ping MUST have a source IP. This begs the question: which source interface/IP does the PA unit use in order to ping the destination IP for the condition to be true?

For instance, should path monitoring be set up with a destination of plain old 18.104.22.168 to simply monitor very basic internet connectivity, and we have a static default route in the routing table in order to handle this, does the PA use the interface (and therefore IP) to which it has the closest route towards this destination path? Or does it for some reason use its management interface? (I hope not.) Does anyone know?