VMware Cloud Community
Sami2121
Contributor
Contributor
‎04-09-2017 03:39 PM

Hosts on same port group can't talk with each other

Hi Everyone,

Newbie setting its home lab here. I'm running ESXi 6.5 on intel NUC. I configured a port group with multiple VMs assigned to it. However, not all hosts are able to ping each other. Windows 7, Windows 8.1 and ubuntu VMs can talk to each other. However, the Palo Alto Network firewall VM can't ping and can't be pinged. The strange thing is that I see the MAC addresses of the other VMs in the arp table of the firewall (but don't see the arp of firewall in the VMs arp table). As the firewall VM interface has to be VMXNET3, I changed it on some hosts as well, but without any success.

Any idea about what the problem might be ?

Help greatly appreciated.

Reply
0 Kudos
3 Replies
TechMassey
Hot Shot
Hot Shot
‎04-09-2017 04:58 PM

Awesome you are jumping into the ESXi world which as you have found is very complicated.

First item, based on the description you have a single NUC running ESXi. Based on that, It sounds like you are referring to the VMs as "hosts" and actually they are considered "Guest OS" while the host is the ESXi installation. No worries though, just usual terminology for a specific environment that comes in time.

The vmxnet3 adapter is more about modern NIC features and shouldn't be needed unless specified. I found what I believe is the same Palo Alto VM specifications you are referring to in this link

Based on that information, I suspect the issue is the NIC interface configuration on the Palo Alto. Specifically, a firewall will normally have a minimum of two interfaces, internal/external. It may be that it is applying external firewall policies which are more restrictive for example.

That is my guess at least, let us know.


Please help out! If you find this post helpful and/or the correct answer. Mark it! It helps recgonize contributions to the VMTN community and well me too 🙂
Reply
0 Kudos
vembutech1
Hot Shot
Hot Shot
‎04-09-2017 10:56 PM

Also check, if you have VLAN, VLAN routing done across VLAN network.

Reply
0 Kudos
Sami2121
Contributor
Contributor
‎04-10-2017 03:00 PM

Thanks for your answers.

Things worked fine when I enabled promiscuous mode under the port group.

I'm still not sure why. I noticed that the MAC address of each VM are different between what ESXi displays within the port group topology menu and what you can see in the guest VM (using ifconfig or ipconfig). This has probably something to do with it ?

Regards.

Reply
0 Kudos