I’m working in an inherited Netbrain install. One pair of our Palo Alto NGFWs only show HA and management interfaces, none of the physical ethernet interfaces. This causes issues when searching paths that run through these firewalls.
A path search that traverses this firewall will start with a switch directly connected to the firewall. If the next hop from the layer 3 switch is an ethernet interface/zone on the Palo Alto, Netbrain places an End System on the map. The end system’s IP address is the one assigned to the PA ethernet interface. The path ends with this “end system” (and a Path Failed message: Gateway device was not found), as there is no apparent discovered route from the source zone to the destination zone in the firewall, and then to the eventual destination.
When viewing the firewall’s config in Netbrain, the physical interfaces are listed, along with the virtual router’s associated zones, corresponding interfaces and routes.
+++
In comparison, a different pair of Palo Altos seem to be configured differently. The “parent” firewall is listed as a device, but each of its several virtual systems (vsyses) are all represented individually - as separate firewalls. I prefer this type of display, as it eliminates any confusion about which vsys is related to the path.
How do I change the first firewall’s representation to mirror that of the second firewall so each of the virtual systems shows independently with its own interfaces and routes?
Thanks,
PF

