topic 9.1.14-h4 and subnet shared between multiple vSYS in General Topics https://live.paloaltonetworks.com/t5/general-topics/9-1-14-h4-and-subnet-shared-between-multiple-vsys/m-p/516366#M107231 <P>Hello All,</P> <P>&nbsp;</P> <P>We are checking a corner case design where we have PA-3220 firewall with 9.1.14-h4 software version. It has 2 vSYS enabled already and we have simple setup: ISP_Router ---- L2 Switch ---- Firewall. The question I have: is it possible to use same subnet/same VLAN ID for subinterfaces between 2 vSYS?</P> <P>&nbsp;</P> <P>For example we have a port-channel assigned to vSYS1, where we have subinterfaces like ae1.101, ae1.102 and ae1.103.</P> <P>&nbsp;</P> <P>We want to create another subinterface for example on port Ethernet1/15, which will look like Ethernet1/15.101, which will be assigned to vSYS2. Also we want Ethernet1/15.101 to have same subnet as ae1.101, but of course with different IP address. For example 1.1.1.1/24 for ae1.101 and 1.1.1.2/24 for Ethernet1/15.101.</P> <P>&nbsp;</P> <P>It looks like in 10.1.x such configuration will be at least accepted by firewall. As we have no lab 9.1.14 to try it, can you tell me if such setup supposed to be working on 9.1.14?</P> <P>&nbsp;</P> <P>Thanks!</P> Thu, 29 Sep 2022 13:41:44 GMT Andreikin 2022-09-29T13:41:44Z 9.1.14-h4 and subnet shared between multiple vSYS https://live.paloaltonetworks.com/t5/general-topics/9-1-14-h4-and-subnet-shared-between-multiple-vsys/m-p/516366#M107231 <P>Hello All,</P> <P>&nbsp;</P> <P>We are checking a corner case design where we have PA-3220 firewall with 9.1.14-h4 software version. It has 2 vSYS enabled already and we have simple setup: ISP_Router ---- L2 Switch ---- Firewall. The question I have: is it possible to use same subnet/same VLAN ID for subinterfaces between 2 vSYS?</P> <P>&nbsp;</P> <P>For example we have a port-channel assigned to vSYS1, where we have subinterfaces like ae1.101, ae1.102 and ae1.103.</P> <P>&nbsp;</P> <P>We want to create another subinterface for example on port Ethernet1/15, which will look like Ethernet1/15.101, which will be assigned to vSYS2. Also we want Ethernet1/15.101 to have same subnet as ae1.101, but of course with different IP address. For example 1.1.1.1/24 for ae1.101 and 1.1.1.2/24 for Ethernet1/15.101.</P> <P>&nbsp;</P> <P>It looks like in 10.1.x such configuration will be at least accepted by firewall. As we have no lab 9.1.14 to try it, can you tell me if such setup supposed to be working on 9.1.14?</P> <P>&nbsp;</P> <P>Thanks!</P> Thu, 29 Sep 2022 13:41:44 GMT https://live.paloaltonetworks.com/t5/general-topics/9-1-14-h4-and-subnet-shared-between-multiple-vsys/m-p/516366#M107231 Andreikin 2022-09-29T13:41:44Z Re: 9.1.14-h4 and subnet shared between multiple vSYS https://live.paloaltonetworks.com/t5/general-topics/9-1-14-h4-and-subnet-shared-between-multiple-vsys/m-p/516478#M107252 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/206623">@Andreikin</a>,</P> <P>From what you've described there's no reason that this wouldn't work on 9.1. You aren't&nbsp;<EM>sharing&nbsp;</EM>anything in this case, it's logically a different system and the fact that there's an overlap doesn't matter as long as you aren't trying to do anything with inter-vsys routing that you'd have to take into account.&nbsp;</P> Fri, 30 Sep 2022 14:54:39 GMT https://live.paloaltonetworks.com/t5/general-topics/9-1-14-h4-and-subnet-shared-between-multiple-vsys/m-p/516478#M107252 BPry 2022-09-30T14:54:39Z