10-18-2021 11:09 AM
I have an ESXi server with firewall (Inside, DMZ and Outside) zones
Palo Alto has a rule to allow interzone traffic from inside to outside
Palo Alto has NAT configured for Outside Interface
When I try to ping from host to host in the same port group... all is good.
When I try to ping to the Inside Firewall Interface, the ping times out... "Destination Unreachable."
Host---->Vnic------->Port Group-------->Vswitch....
10-20-2021 01:00 AM - edited 10-20-2021 01:01 AM
Hi @ETate, as per my understanding, you are trying to ping the inside (or data plane) interface of the firewall. I would recommend that you check a few things given below:
1. Check if an Interface MGMT profile is configured on the interface which actually allows required services like ping on it.
2. Check routing to reach the host from the firewall. If the interface IP is configured using a /32 subnet mask, you would need to define specific routes to reach the host.
3. Verify the traffic logs on the firewalls to see what's happening on the firewall.
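Added example, not part of the reply above and not Palo Alto code: a simplified longest-prefix model of check 2, showing why a /32 mask on the inside interface leaves the firewall with no connected route back to the host. All addresses, the `ethernet1/2` label and the `return_path` helper are constructed for illustration.

```python
import ipaddress

def return_path(interface_cidr, host_ip, static_routes=()):
    """Decide how a router would send a reply back to host_ip.

    interface_cidr: address/mask configured on the interface, e.g. "192.168.10.1/24"
    static_routes:  iterable of (destination_cidr, via) pairs
    Returns ("connected", None), ("static", via) or ("none", None).
    """
    iface = ipaddress.ip_interface(interface_cidr)
    host = ipaddress.ip_address(host_ip)

    # The connected route comes from the interface mask; with /32 it covers
    # only the interface address itself, so no neighbour is on-link.
    candidates = [(iface.network, "connected", None)]
    for dest, via in static_routes:
        candidates.append((ipaddress.ip_network(dest, strict=False), "static", via))

    matches = [c for c in candidates if host in c[0]]
    if not matches:
        return ("none", None)
    # Longest prefix wins; on a tie the connected route (listed first) is kept.
    _, kind, via = max(matches, key=lambda c: c[0].prefixlen)
    return (kind, via)

if __name__ == "__main__":
    host = "192.168.10.50"                      # constructed inside host
    default = [("0.0.0.0/0", "203.0.113.1")]    # constructed outside default route
    fix = default + [("192.168.10.50/32", "ethernet1/2")]

    print(return_path("192.168.10.1/24", host))           # on-link, reply goes straight back
    print(return_path("192.168.10.1/32", host))           # no route at all
    print(return_path("192.168.10.1/32", host, default))  # reply follows the default route
    print(return_path("192.168.10.1/32", host, fix))      # specific route restores the path
```

The third case is the one that is easy to miss: with a /32 interface and only a default route, the echo reply is routed toward the outside next hop instead of back to the inside host.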