-
Notifications
You must be signed in to change notification settings - Fork 34
Management interface is attached to elastic IP, PA did not recognize two NICs #39
Comments
Try rebooting the firewall..and see if that helps
…--
/narayan
From: Schizamp <notifications@github.com>
Reply-To: PaloAltoNetworks/aws-transit-vpc <reply@reply.github.com>
Date: Tuesday, August 14, 2018 at 8:47 AM
To: PaloAltoNetworks/aws-transit-vpc <aws-transit-vpc@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [PaloAltoNetworks/aws-transit-vpc] Management interface is attached to elastic IP, PA did not recognize two NICs (#39)
Wondering if anyone else is seeing this, am following the documentation closely. Was able to run the CFTs and link a subscriber VPC. The PAGroup template ran, spun up two nodes with two ENIs, one in an untrust subnet with elastic IP attached, another in a trusted subnet. When I log into the Palo Alto device, it has only recognized one interface, the public interface, and has associated management to it. I can browse to the web UI from the internet.
[Image removed by sender. image]<https://urldefense.proofpoint.com/v2/url?u=https-3A__user-2Dimages.githubusercontent.com_35105617_44092517-2Daa66f47c-2D9f9e-2D11e8-2D96fa-2D29a2f026470b.png&d=DwMCaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=yaPPNRHFJOEqZ9-bfG64oiDWvBigyIWTnqkw0GQeLyU&m=rjEzxbwIOg8GFFvF1t6UiGzu1_0QyZPFD9zzw1fsPmg&s=9XTI47lwuM63LjXcBHkLMihJOxqONSByF-OfPF_hnmg&e=>
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_PaloAltoNetworks_aws-2Dtransit-2Dvpc_issues_39&d=DwMCaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=yaPPNRHFJOEqZ9-bfG64oiDWvBigyIWTnqkw0GQeLyU&m=rjEzxbwIOg8GFFvF1t6UiGzu1_0QyZPFD9zzw1fsPmg&s=-qTnLs4NCXzx81sRbWlkgXPsNM3I3S-PeYpHJlyppyw&e=>, or mute the thread<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ARFcacK6DsJ-2DH6tYxKK-5Fkh4Mag3rctBAks5uQsbpgaJpZM4V8Xna&d=DwMCaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=yaPPNRHFJOEqZ9-bfG64oiDWvBigyIWTnqkw0GQeLyU&m=rjEzxbwIOg8GFFvF1t6UiGzu1_0QyZPFD9zzw1fsPmg&s=nOpdXGFHPbw0KIiwX5-F_75eFaA9-ON3rqsGxmLqSKE&e=>.
|
Will try that. Also found that in the Powerpoint deployment guide, it says to "Verify FW1 Interfaces and default route. Double check that your e1/1 has the correct IP/Mask." Since mine does not, it only has the secondary ENI IP that has the EIP attached, I'm guessing I need to change this. It seems odd to call it out specifically in the deployment guide if there wasn't an issue with this. |
The second interface did not light up. @narayan-iyengar did you experience the same issue or have to update the IP/mask on eth1/1? |
Found out that the management interface (eth0) is not listed on this page, it's under Devices > Interfaces. I removed the Management Profile DataPlane from eth1 and was able to make the management interface private. I think this was more of an issue of me not being a network guy or knowing Palo Alto. I'll go ahead and close. |
Wondering if anyone else is seeing this, am following the documentation closely. Was able to run the CFTs and link a subscriber VPC. The PAGroup template ran, spun up two nodes with two ENIs, one in an untrust subnet with elastic IP attached, another in a trusted subnet. When I log into the Palo Alto device, it has only recognized one interface, the public interface, and has associated management to it. I can browse to the web UI from the internet.
The text was updated successfully, but these errors were encountered: