Palo Alto Networks Knowledgebase: Network Connectivity Loss in PA-VM Due to Disconnected Interface

Network Connectivity Loss in PA-VM Due to Disconnected Interface

2388
Created On 02/07/19 23:45 PM - Last Updated 02/07/19 23:45 PM
Virtual Systems Virtualization
Resolution

Issue

Users are unable to access network resources. Even though the interface is properly configured the interface remains in a gray state.

Resolution

When troubleshooting the VM-Series firewall make sure that all the physical Interfaces are connected within the ESXi host. No traffic will be able to traverse the firewall if the interfaces are not connected within the ESXi host. To check this setting connect to the ESXi host using SSH or ESXi Console.  Navigate to Configure Management Network > Network Adapters, then verify that the interfaces in question are displayed as connected.

ESXiNIC.PNG

Verify the vSwitch configuration by using the vSphere Client to connect to vCenter or directly to the ESXi host. Verify that the vSwitch or Port Group is configured to accept Promiscuous mode, MAC Address Changes, and Forged Transmits.

VSwitch3_Paint.png

Verify each vSwitch to have a physical NIC from the ESXi host to which it is assigned. In the example below Vmnic1 is connected to the ISP router and vmnic0 is connected to an internal switch. The vSwitch environment must be configured properly to pass traffic and in this scenario each vSwitch much connect to a separate physical VMNIC.

VSwitch1.2_Paint.png

owner: jperry



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClqiCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language