https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581359#M2866 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1278486673">@pyrainath</a>, I would like to highlight two important considerations regarding this scenario:</P> <OL> <LI>To create a subinterface, it is necessary to establish a VLAN in the configuration.</LI> <LI>Having two IPs from the same subnet on different interfaces or subinterfaces is not permissible.</LI> </OL> <P>Regards</P> Fri, 22 Mar 2024 15:22:08 GMT jpomachagua 2024-03-22T15:22:08Z https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581174#M2860 <P>Greetings,</P> <P>&nbsp; &nbsp;i have some doubts in configuring sub interface. i have eth1/1 (physical interface)ip-10.0.2.1 now for some testing i want to configure a sub interface for eth1/1 with same subnet like 10.0.2.2 and without vlan tag.</P> <P>will this work ???&nbsp;</P> <P>can i have same network on both physical and sub interfaces ??</P> <P>what should i be aware of????</P> Thu, 21 Mar 2024 10:26:31 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581174#M2860 pyrainath 2024-03-21T10:26:31Z https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581359#M2866 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1278486673">@pyrainath</a>, I would like to highlight two important considerations regarding this scenario:</P> <OL> <LI>To create a subinterface, it is necessary to establish a VLAN in the configuration.</LI> <LI>Having two IPs from the same subnet on different interfaces or subinterfaces is not permissible.</LI> </OL> <P>Regards</P> Fri, 22 Mar 2024 15:22:08 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581359#M2866 jpomachagua 2024-03-22T15:22:08Z https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581447#M2872 <P>greetings,</P> <P>Thank you so much for the information.....</P> Sat, 23 Mar 2024 05:33:48 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581447#M2872 pyrainath 2024-03-23T05:33:48Z https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581448#M2873 <P>hello <SPAN class="UserName lia-user-name lia-user-rank-L2-Linker"><SPAN class="lia-link-navigation lia-page-link lia-link-disabled lia-user-name-link" aria-disabled="true"><SPAN class="">Jpomachagua,</SPAN></SPAN></SPAN></P> <P><SPAN class="UserName lia-user-name lia-user-rank-L2-Linker"><SPAN class="lia-link-navigation lia-page-link lia-link-disabled lia-user-name-link" aria-disabled="true"><SPAN class="">The thing is we are borrowing bandwidth from another dept in my company .so they have a firewall. they give us some private ips and we configured that ip on one interface for example 10.x.x.1/29 and they map this ip with a public ip for our vpn connection. they have already mapped another public ip with 10.x.x.2/28 and this private ip is not yet configured on our firewall. now we have a requirement to host a webserver so we were hopping that we could dnat through 10.x.x.2/28. in order to do that we need to configure that ip on our firewall thats why we hope sub interface will do that job.</SPAN></SPAN></SPAN></P> <P><SPAN class="UserName lia-user-name lia-user-rank-L2-Linker"><SPAN class="lia-link-navigation lia-page-link lia-link-disabled lia-user-name-link" aria-disabled="true"><SPAN class="">1.can you give any other suggestion to make this work. ?</SPAN></SPAN></SPAN></P> <P><SPAN class="UserName lia-user-name lia-user-rank-L2-Linker"><SPAN class="lia-link-navigation lia-page-link lia-link-disabled lia-user-name-link" aria-disabled="true"><SPAN class="">2.what will actually happen if we configure&nbsp;<SPAN>two IPs from the same subnet on different interfaces or sub interfaces?</SPAN></SPAN></SPAN></SPAN></P> <P><SPAN class="UserName lia-user-name lia-user-rank-L2-Linker"><SPAN class="lia-link-navigation lia-page-link lia-link-disabled lia-user-name-link" aria-disabled="true"><SPAN class="">&nbsp;</SPAN></SPAN></SPAN></P> <DIV id="messageEditor_614c89b74bd644_0" class="MessageEditor"><A id="previewButton_614c89b74bd644_8cf4" class="lia-link-navigation lia-message-editor-preview-button" href="https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581359#" target="_blank">PREVIEW</A> <DIV class="lia-js-block-events"> <DIV class="lia-form-row lia-form-body-entry"> <DIV class="lia-quilt-row lia-quilt-row-standard"> <DIV class="lia-quilt-column lia-quilt-column-24 lia-quilt-column-single"> <DIV class="lia-quilt-column-alley lia-quilt-column-alley-single"> <DIV class="lia-form-input-wrapper"> <DIV id="rich_614c89b74bd644_8cf4" class="message-body-editor lia-inline-message-body-editor"> <DIV class="lia-inline-ajax-feedback"> <DIV id="ajaxFeedback_614c89b74bd644_0_8cf4" class="AjaxFeedback">&nbsp;</DIV> </DIV> <DIV id="mceu_195" class="mce-tinymce mce-container mce-panel lia-editor-gte-2" tabindex="-1" role="application"> <DIV id="mceu_195-body" class="mce-container-body mce-stack-layout"> <DIV id="mceu_196" class="mce-top-part mce-container mce-stack-layout-item mce-first"> <DIV id="mceu_196-body" class="mce-container-body"> <DIV id="mceu_197" class="mce-toolbar-grp mce-container mce-panel mce-first mce-last" tabindex="-1" role="group"> <DIV id="mceu_197-body" class="mce-container-body mce-stack-layout"> <DIV id="mceu_198" class="mce-container mce-toolbar mce-stack-layout-item mce-first" role="toolbar"> <DIV id="mceu_198-body" class="mce-container-body mce-flow-layout"> <DIV id="mceu_199" class="mce-container mce-flow-layout-item mce-first mce-last mce-btn-group" role="group"> <DIV id="mceu_199-body"> <DIV id="mceu_156" class="mce-widget mce-btn mce-btn-small mce-first" tabindex="-1" role="button" aria-label="Undo" aria-disabled="false">&nbsp;</DIV> <DIV id="mceu_157" class="mce-widget mce-btn mce-btn-small lia-mce-toolbar-bold" tabindex="-1" role="button" aria-pressed="false" aria-label="Bold">&nbsp;</DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> Sat, 23 Mar 2024 07:40:51 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581448#M2873 pyrainath 2024-03-23T07:40:51Z https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581771#M2893 <P>Hello Pyrainath</P> <P>&nbsp;</P> <P><SPAN>An option is to set up two IPs on the same interface. The first IP, for instance, could be 10.10.10.1/29, and the second IP could be 10.10.10.2/32. This approach allows you to manage two IPs without the need to create a subinterface.</SPAN></P> <P>&nbsp;</P> <P>Regards</P> Tue, 26 Mar 2024 21:33:30 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581771#M2893 jpomachagua 2024-03-26T21:33:30Z https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581805#M2895 <P>Thanks again&nbsp;<SPAN>Jpomachagua,</SPAN></P> <P>&nbsp;</P> <P>so i have already configured the ip 10.10.10.1/29 on the physical interface eth1/1. so like u said i hope to configure the ip 10.10.10.2/32 on a loopback interface, will this work in my situation?&nbsp;</P> Wed, 27 Mar 2024 06:55:41 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-subinterface/m-p/581805#M2895 pyrainath 2024-03-27T06:55:41Z