1. Linux Client (PC01)
2. Palo Alto Firewall (PA-VM)
Both are configured with 2 interfaces enabled in VirtualBox:
Adapter 1: Host-only. This is for the out-of-band management interface.
Adapter 2: Internal Network. This is for actual communication between PC01 and PA-VM.
I have no issue at all with the Adapter 1 setting. It's working as expected.
Code:
user@PC01:~$ ifconfig | grep ad | grep -v 127
eth0 Link encap:Ethernet HWaddr AA:AA:AA:AA:AA:A1
inet addr:192.168.56.110 Bcast:192.168.56.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr AA:AA:AA:AA:AA:A2
inet addr:10.1.1.110 Bcast:10.1.1.255 Mask:255.255.255.0
user@PC01:~$
Code:
user@PC01:~$ ping -c 3 192.168.56.254
PING 192.168.56.254 (192.168.56.254): 56 data bytes
64 bytes from 192.168.56.254: seq=0 ttl=64 time=0.770 ms
64 bytes from 192.168.56.254: seq=1 ttl=64 time=0.554 ms
64 bytes from 192.168.56.254: seq=2 ttl=64 time=0.855 ms
--- 192.168.56.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.554/0.726/0.855 ms
user@PC01:~$
Code:
user@PC01:~$ ping -c 3 10.1.1.254
PING 10.1.1.254 (10.1.1.254): 56 data bytes
--- 10.1.1.254 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
user@PC01:~$
The tcpdump output from PC01 shows that the VM firewall is completely unreachable even though they're (supposed to be) connected back to back in the same network segment.
Code:
user@PC01:~$ sudo tcpdump -i any net 10.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
21:49:38.979460 ARP, Request who-has 10.1.1.254 tell 10.1.1.110, length 28
21:49:39.981377 ARP, Request who-has 10.1.1.254 tell 10.1.1.110, length 28
21:49:40.985748 IP 10.1.1.110 > 10.1.1.110: ICMP host 10.1.1.254 unreachable, length 92
21:49:40.985763 IP 10.1.1.110 > 10.1.1.110: ICMP host 10.1.1.254 unreachable, length 92
21:49:40.985766 IP 10.1.1.110 > 10.1.1.110: ICMP host 10.1.1.254 unreachable, length 92
Code:
user@PC01:~$ arp -i eth1
? (10.1.1.254) at <incomplete> on eth1
user@PC01:~$
Code:
admin@PA-VM> show interface all
total configured hardware interfaces: 1
name id speed/duplex/state mac address
--------------------------------------------------------------------------------
ethernet1/1 16 1000/full/up zz:zz:zz:zz:zz:z1
aggregation groups: 0
total configured logical interfaces: 1
name id vsys zone forwarding tag address
------------------- ----- ---- ---------------- ------------------------ ------ ------------------
ethernet1/1 16 1 N/A 0 10.1.1.254/32
admin@PA-VM>
For the record, I was able to use the same VirtualBox setting on 2 Linux guests. May I know why the same setting doesn't work on PA-VM? Any idea how to make Layer 1 communication successful in VirtualBox?
This is the screenshot of my VirtualBox network setting.
I'll post the screenshot tomorrow as I've just joined this forum.
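The capture in the post can be read mechanically: ARP requests for 10.1.1.254 with no reply, followed by the client's own kernel reporting the host unreachable to itself. The following is an added example, not part of the original post; the function names are hypothetical and the second sample (a resolved neighbor on the management network, with a made-up MAC) is constructed for contrast.

```python
import re

REQ = re.compile(r"ARP, Request who-has (\S+)(?: \(\S+\))? tell (\S+),")
REP = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-fA-F:]{17})")
UNREACH = re.compile(r"IP (\S+) > (\S+): ICMP host (\S+) unreachable")

def _entry(targets, ip):
    return targets.setdefault(
        ip, {"requests": 0, "mac": None, "local_unreachable": False})

def arp_summary(capture):
    """Per target IP: ARP requests seen, MAC learned, locally generated unreachable."""
    targets = {}
    for line in capture.splitlines():
        if m := REQ.search(line):
            _entry(targets, m.group(1))["requests"] += 1
        elif m := REP.search(line):
            _entry(targets, m.group(1))["mac"] = m.group(2)
        elif m := UNREACH.search(line):
            src, dst, host = m.groups()
            # Source == destination: the local stack gave up resolving the neighbor.
            if src == dst:
                _entry(targets, host)["local_unreachable"] = True
    return targets

def diagnose(entry):
    if entry["mac"]:
        return "ARP resolved: layer 2 path works, look at layer 3 or policy"
    if entry["requests"]:
        return "ARP unanswered: no reply reached this interface"
    return "no ARP traffic seen for this target"

# Lines taken from the tcpdump output in the post.
POST_CAPTURE = """\
21:49:38.979460 ARP, Request who-has 10.1.1.254 tell 10.1.1.110, length 28
21:49:39.981377 ARP, Request who-has 10.1.1.254 tell 10.1.1.110, length 28
21:49:40.985748 IP 10.1.1.110 > 10.1.1.110: ICMP host 10.1.1.254 unreachable, length 92
"""

# Constructed sample (not from the post): a neighbor that answers ARP.
CONSTRUCTED_OK = """\
21:50:01.000001 ARP, Request who-has 192.168.56.254 tell 192.168.56.110, length 28
21:50:01.000402 ARP, Reply 192.168.56.254 is-at 0a:00:27:00:00:01, length 28
"""

if __name__ == "__main__":
    for name, cap in (("post", POST_CAPTURE), ("constructed", CONSTRUCTED_OK)):
        for ip, entry in arp_summary(cap).items():
            print(name, ip, entry, "->", diagnose(entry))
```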