Commit Warning: Next Hop IP is not in Subnet of Outgoing Interface

Created On 04/25/19 08:00 AM - Last Modified 10/21/21 20:15 PM


Symptom


  • After upgrading to PAN-OS 9.0, the following message is seen if the next hop IP address of the static route is not in the subnet of the outgoing interface.
"Static route <static-route-name> next hop IP <IP-address> is not in subnet of outgoing interface <outgoing-interface>"
 


Environment


  • Palo Alto Firewall
  • PAN-OS 9.0 and above
  • Static Routes


Cause


This is a new check introduced in PAN-OS 9.0 as part of the new feature that allows an FQDN to be used as the "Next Hop."
An FQDN used as a static route next hop must resolve to an IP address that belongs to the same subnet as the interface you configured for the static route.

For consistency, any option used for "Next Hop" will be subjected to this check.

NOTE: This is only a warning and does not cause the commit to fail.


Resolution


Ensure that the next hop resolves to an IP address that belongs to the same subnet as the interface you configured for the static route.
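
An offline pre-check for this condition, added here as an example (it is not Palo Alto Networks code and not how PAN-OS implements the check). The route and interface data, the function names and the stand-in DNS table are constructed; testing every address an FQDN resolves to is an assumption.

```python
import ipaddress

# Constructed sample data (not exported from a real firewall): interface
# addresses in CIDR form and static routes as (name, next hop, interface).
INTERFACES = {
    "ethernet1/1": ["192.0.2.1/24"],
    "ethernet1/2": ["198.51.100.1/30", "2001:db8:0:1::1/64"],
}
ROUTES = [
    ("default", "192.0.2.254", "ethernet1/1"),
    ("branch", "203.0.113.9", "ethernet1/2"),
    ("v6-lab", "2001:db8:0:1::fe", "ethernet1/2"),
    ("partner", "gw.example.net", "ethernet1/1"),
]
# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {"gw.example.net": ["192.0.2.77", "203.0.113.50"]}


def next_hop_addresses(next_hop, resolve):
    """Return the IP addresses a next hop stands for (literal IP or FQDN)."""
    try:
        return [ipaddress.ip_address(next_hop)]
    except ValueError:
        # Not an IP literal: treat it as an FQDN and use the supplied resolver.
        return [ipaddress.ip_address(a) for a in resolve(next_hop)]


def audit_routes(routes, interfaces, resolve):
    """Return warning strings for next hops outside the interface subnets."""
    warnings = []
    for name, next_hop, ifname in routes:
        subnets = [ipaddress.ip_interface(a).network
                   for a in interfaces.get(ifname, [])]
        for addr in next_hop_addresses(next_hop, resolve):
            # An IPv4 address is never "in" an IPv6 network and vice versa.
            if not any(addr in net for net in subnets):
                warnings.append(
                    f"Static route {name} next hop IP {addr} is not in "
                    f"subnet of outgoing interface {ifname}")
    return warnings


if __name__ == "__main__":
    for line in audit_routes(ROUTES, INTERFACES, lambda h: FAKE_DNS.get(h, [])):
        print(line)
```

Pass a real resolver in place of the lookup table to check FQDN next hops against live DNS.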
