06-25-2024 07:18 AM - edited 06-25-2024 07:25 AM
Hi All,
This is not a new setup, but we are currently migrating one of our L3OUT firewalls. The old one is a Cisco ASA and we are migrating to a Palo Alto firewall. Post migration, a couple of our subnets which are supposed to be advertised externally are not being advertised. Between the PA firewall and the leaf node we have OSPF running, and the OSPF neighborship is established. We have an issue with only 2 subnets.
I have checked the things below:
1. Though this is not a new setup and the issue is with 2 subnets, I still checked the BGP and Route Reflector config, which looks good.
2. In the subnet section under the BD, Scope is set to "Advertise Externally" and I see the L3OUT is present under "Associated L3OUT". Unicast Routing is enabled. L2 Unknown Unicast: Hardware proxy
3. I have a contract in place associated to the EPG as well as the L3OUT.
Someone please advise.
Thank you
11-06-2024 02:33 AM
Hey Nitesh,
Here are some steps and considerations to help you troubleshoot the issue with the two subnets not being advertised externally after migrating to the Palo Alto Firewall:
Details:
Verify OSPF Configuration:
Check OSPF Route Redistribution:
Inspect Palo Alto Firewall Policies:
Review ACI Configuration:
Check Contracts and EPGs:
Inspect Route Reflector Configuration:
Check Palo Alto Firewall Logs:
Perform Route Tracing:
Verify OSPF and Redistribution:
Review Firewall Policies:
Double-Check ACI Configuration:
Inspect Logs and Perform Tracing:
Engage Vendor Support: