Why is it not possible to Enable SD-WAN on a interface configured with 2 or more IP address?

Why is it not possible to Enable SD-WAN on a interface configured with 2 or more IP address?

16821
Created On 04/27/20 22:01 PM - Last Modified 07/29/25 10:57 AM


Question


  • When attempting to ‘Enable SD-WAN’ on a interface configured with 2 or more ip address the commit fails.
  • Attempting to add a secondary ip address to a ‘Enabled SD-WAN’ interface it fails as well.

Environment


  • PAN-OS 9.1
  • Palo Alto Firewall.

Answer


By design SD-WAN allows only single IP address. So it is not possible  to enable SD-WAN on a interface configured with 2 or more IP address.

 

Additional Information


 
Conversely one will not be able to configure a secondary ip address on an interface with SD-WAN enabled that has ip address configured.

When attempting to ‘Enable SD-WAN’ on a dual ip configured interface or attempt to add a secondary ip address to a SD-WAN enabled interface the border surrounding the attempted ip address configuration highlights in red to indicate an error. To see additional information regarding the error move/hover the cursor above the red border line and a message will briefly be displayed indicating information regarding miss-configuration(see picture below).
 
Error message on Interface configuration
 
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPpMCAW&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language