How to troubleshoot the WAN connectivity if resources towards Internet or MPLS are not working

How to troubleshoot the WAN connectivity if resources towards Internet or MPLS are not working

3952
Created On 01/12/23 00:11 AM - Last Modified 10/04/24 18:47 PM


Objective


  • For WAN connectivity, an ION device can connect to multiple Internet and MPLS networks
  • The ION device routes traffic on MPLS or Internet based on path policy setup.
  • If any traffic does not take the desired path, the WAN connections must be examined.
  • The article provides some of the troubleshooting steps for the same.

Environment


  • Prisma SD-WAN
  • Prisma SASE
  • ION

Procedure


  • The type of the WAN connectivity(Public/private) is determined by the type of Circuit label configured under "Internet Circuits" and "Private WAN Internet" as follows.
WAN
  • Ensure that the correct Circuit label is attached to the Public or Private Interface.
Screenshot 2023-01-12 at 10.53.10 AM.png
  •  In Prisma SD-WAN, the controller pushes the configuration to the ION device, hence the config will sync between the controller and the ION device as follows. The Circuit label information is updated
SUMAN_BR1_CG1# dump interface config 1
Interface               : 1
Description             : .
ID                      : 15940610379010198
Type                    : port
Used For                : public
Admin State             : up
Alarms                  : enabled
NetworkContextID        :
IpfixCollectorContextID : 16262017541490245
IpfixFilterContextID    :
Scope                   : local
Directed Broadcast      : false
MTU                     : 1500
IP                      : static
  Address               : 10.66.0.75/22
  Route                 : 0.0.0.0/0 via 10.66.0.1 metric 0
  DNS Server            : 8.8.8.8
NatAddress:Port         : 106.51.85.41:4500
NatZoneID               : 15793375606790002
Wan ID                  : 16161416151310216 publicwan
  CircuitLabel          : Circuit to Internet
  PathLabel             : public-1
  BW                    : manual, up 100.000000 down 300.000000
  QoS                   : enabled
  LQM                   : enabled
  PCM                   : enabled
  • Ensure that the layer 2 connectivity is up, which will show the mac address of the modem 
SUMAN_BR1_CG1# inspect system arp interface=1

Address                  HWtype  HWaddress           Flags Mask            Iface
10.66.0.1                ether   78:02:b1:5b:14:cb   C                     eth1
  • Use the below commands to get additional logs of the connectivity
# ping <internet_interface> <gw_ip>
# tcpdump <inet_int> args="host <gw_ip> and arp" show
# ping <private_interface> <gw_ip>
# tcpdump <private_int> args="host <gw_ip> and arp" show

 



 

Additional Information


For more information refer to the link : Prisma sd-wan admin guide
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kGDnCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language