I ran into some issues with my Pulse Secure VPN appliances intermittently losing connectivity on their outside interfaces. After some investigation, we noticed that their ARP table was showing all zeros for the MAC of the gateway (the active FW from a Palo Alto HA pair). After capturing traffic, we're seeing that they are sending ARP requests to an all-zero MAC and they are actually getting replies with a source MAC of all zeros and announcing the IP is at an all-zero MAC. We put static ARP entries in the Pulse Secure VPNs and everything resolved. We've been having a lot of issues with our Palo Alto boxes after we upgraded to version 8, but in this case, the capture on the PAN shows it dropping the all-zero destined ARP requests and doesn't show any replies. There is other stuff on this subnet and we're running captures to track down where the replies are coming from - but has anyone else seen any kind of behavior like this? Anything we should be looking at more closely? Thanks!
**No changes were made to any of these devices before this started occurring. The only variable would be the PAN dynamic updates.
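For tracking down where replies like these originate, the following added example (not part of the original post) parses raw Ethernet frames taken from a capture and flags ARP replies whose sender hardware address is all zeros, reporting the Ethernet-header source so it can be looked up in switch MAC tables. All frames and addresses are constructed, and the function names are illustrative.

```python
import struct

ZERO_MAC = bytes(6)
# Constructed addresses (locally administered MACs, documentation IP range).
HOST, GW_IP, HOST_IP = b"\x02\x00\x00\x00\x00\x10", bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10])

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP; None otherwise."""
    if len(frame) < 14:
        return None
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset = 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q VLAN tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != 0x0806 or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[offset:offset + 28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": eth_src, "op": op, "sha": sha, "spa": spa}

def find_zero_mac_replies(frames):
    """Flag ARP replies (opcode 2) whose sender hardware address is all zeros."""
    findings = []
    for index, frame in enumerate(frames):
        arp = parse_arp(frame)
        if arp is None or arp["op"] != 2 or arp["sha"] != ZERO_MAC:
            continue
        # A non-zero Ethernet source is the address to trace to a switch port.
        findings.append({"index": index,
                         "claimed_ip": ".".join(map(str, arp["spa"])),
                         "eth_src": arp["eth_src"].hex(":"),
                         "eth_src_usable": arp["eth_src"] != ZERO_MAC})
    return findings

def build_frame(eth_src, op, sha, spa, eth_dst=HOST):
    """Build a constructed ARP frame for the sample data below."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, eth_dst, HOST_IP)
    return struct.pack("!6s6sH", eth_dst, eth_src, 0x0806) + arp

SAMPLE_FRAMES = [
    build_frame(b"\x02\x00\x00\x00\x00\x01", 2, b"\x02\x00\x00\x00\x00\x01", GW_IP),  # normal reply
    build_frame(b"\x02\x00\x00\x00\x00\x99", 2, ZERO_MAC, GW_IP),  # zero sender, real Ethernet source
    build_frame(ZERO_MAC, 2, ZERO_MAC, GW_IP),                     # zero in both headers
    build_frame(HOST, 1, HOST, HOST_IP, eth_dst=ZERO_MAC),         # request sent to the zero MAC
]
```

When `eth_src_usable` is false, the frame itself gives no address to trace, and the capture point has to be moved closer to the suspected sender instead.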