Firewall Interface Not Responding to Pings

Created On 09/25/18 19:25 PM - Last Modified 06/02/23 03:41 AM


Issue

Pinging a firewall interface from a workstation doesn't work; the pings time out with no response.

 

Resolution

  1. Verify that the interface has a management profile allowing pings.
  2. Verify that the profile has the host IP allowed in the permitted addresses list.
  3. If there is a deny-all policy rule at the bottom, make sure there is a same-zone policy configured allowing pings.
  4. Set up bidirectional Packet Capture filters that include both the IP address of the firewall being pinged and the IP address of the workstation from which the test is run (10.1.1.1 and 20.2.2.2 in this example).

  5. Start the packet capture and look at the counters using:

    show counter global filter packet-filter yes delta yes

  6. Make sure that the pkt_recv and pkt_sent counters are incrementing to verify that the interface is passing the traffic.
  7. If the following counter can be seen, change the NAT policy to use specific source and destination zones:

    flow_policy_nat_land    2    1    drop    flow    session    Session setup: source NAT IP allocation result in LAND attack
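
The checks in steps 6 and 7 can be run over saved counter output with a short script. This is an added example, not part of the original article or Palo Alto Networks tooling; the sample output is constructed, and the column order (name, value, rate, severity, category, aspect, description) is assumed from the counter line quoted in step 7.

```python
import re

# Constructed sample output (not captured from a real firewall). Column order
# follows the counter line quoted in step 7:
# name, value, rate, severity, category, aspect, description.
SAMPLE = """\
name                    value  rate severity category aspect  description
-------------------------------------------------------------------------
pkt_recv                    4     0 info     packet   pktproc Packets received
flow_policy_nat_land        2     1 drop     flow     session Session setup: source NAT IP allocation result in LAND attack
"""

# A counter row: a name, two integers, three single-word fields, free text.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(.+)$")

def parse_counters(text):
    """Return {counter name: fields} for every counter row in the output."""
    counters = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            name, value, rate, severity, category, aspect, desc = m.groups()
            counters[name] = {"value": int(value), "rate": int(rate),
                              "severity": severity, "category": category,
                              "aspect": aspect, "description": desc}
    return counters

def triage(counters):
    """Apply steps 6 and 7: check pkt_recv/pkt_sent, then list drop counters."""
    findings = []
    for name in ("pkt_recv", "pkt_sent"):
        # A counter missing from the output is treated as not incrementing.
        if counters.get(name, {}).get("value", 0) == 0:
            findings.append(f"{name} is not incrementing")
    for name, c in counters.items():
        if c["severity"] == "drop":
            findings.append(f"drop counter {name}={c['value']}: {c['description']}")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_counters(SAMPLE)):
        print(finding)
```

On the constructed sample, the script reports that pkt_sent is not incrementing and lists flow_policy_nat_land as the drop counter, which is the case step 7 describes.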

 

owner: sraghunandan


