https://live.paloaltonetworks.com/t5/general-topics/communication-between-2-segments-in-2-zones-diferents/m-p/534914#M110050 <P>I have a problem to be able to communicate internally my different segments which are declared in two different interfaces and in different zones.</P> <P>I dont use vlan's</P> <P><BR />Eth 1/6= WAN 141.201.78.43/27</P> <P>&nbsp;</P> <P>Eth 1/8= LAN<BR />10.144.3.19/26<BR />10.144.3.64/26</P> <P>&nbsp;</P> <P>Eth 1/4= LAN2<BR />192.168.200.254/24</P> <P>&nbsp;</P> <P>Interfaces</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Fipaterm_1-1679082061379.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48868i5923ED2D40698E9B/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Fipaterm_1-1679082061379.png" alt="Fipaterm_1-1679082061379.png" /></span></P> <P>&nbsp;</P> <P>Routes static</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Fipaterm_0-1679081978740.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48867i149B95B060F4BFFC/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Fipaterm_0-1679081978740.png" alt="Fipaterm_0-1679081978740.png" /></span></P> <P>policies</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Fipaterm_2-1679082177979.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48869iAD3E9E10F4587D34/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Fipaterm_2-1679082177979.png" alt="Fipaterm_2-1679082177979.png" /></span></P> <P>&nbsp;</P> <P>I dont use vlan's</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 17 Mar 2023 19:43:37 GMT Fipaterm 2023-03-17T19:43:37Z https://live.paloaltonetworks.com/t5/general-topics/communication-between-2-segments-in-2-zones-diferents/m-p/534914#M110050 <P>I have a problem to be able to communicate internally my different segments which are declared in two different interfaces and in different zones.</P> <P>I dont use vlan's</P> <P><BR />Eth 1/6= WAN 141.201.78.43/27</P> <P>&nbsp;</P> <P>Eth 1/8= LAN<BR />10.144.3.19/26<BR />10.144.3.64/26</P> <P>&nbsp;</P> <P>Eth 1/4= LAN2<BR />192.168.200.254/24</P> <P>&nbsp;</P> <P>Interfaces</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Fipaterm_1-1679082061379.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48868i5923ED2D40698E9B/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Fipaterm_1-1679082061379.png" alt="Fipaterm_1-1679082061379.png" /></span></P> <P>&nbsp;</P> <P>Routes static</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Fipaterm_0-1679081978740.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48867i149B95B060F4BFFC/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Fipaterm_0-1679081978740.png" alt="Fipaterm_0-1679081978740.png" /></span></P> <P>policies</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Fipaterm_2-1679082177979.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48869iAD3E9E10F4587D34/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Fipaterm_2-1679082177979.png" alt="Fipaterm_2-1679082177979.png" /></span></P> <P>&nbsp;</P> <P>I dont use vlan's</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 17 Mar 2023 19:43:37 GMT https://live.paloaltonetworks.com/t5/general-topics/communication-between-2-segments-in-2-zones-diferents/m-p/534914#M110050 Fipaterm 2023-03-17T19:43:37Z https://live.paloaltonetworks.com/t5/general-topics/communication-between-2-segments-in-2-zones-diferents/m-p/534929#M110051 <P>By default, Zone to Zone communication is blocked by the interzone-default Security Policy. So if you want to allow LAN to talk with nueva_LAN you need to create a security rule to allow the interzone traffic. I.e.</P> <P class="lia-indent-padding-left-30px">Name = Allow LAN to nueva_LAN</P> <P class="lia-indent-padding-left-30px">Src.Zone = LAN</P> <P class="lia-indent-padding-left-30px">Src.Address = 10.0.0.0/8</P> <P class="lia-indent-padding-left-30px">Dst.Zone = nueva_LAN</P> <P class="lia-indent-padding-left-30px">Dst.Address = 192.168.200.254/24</P> <P class="lia-indent-padding-left-30px">Action = Allow</P> <P class="lia-indent-padding-left-30px">&nbsp;</P> <P class="lia-indent-padding-left-30px">Name = Allow nueva_LAN to LAN</P> <P class="lia-indent-padding-left-30px">Src.Zone = nueva_LAN</P> <P class="lia-indent-padding-left-30px">Src.Address = 192.168.200.254/24</P> <P class="lia-indent-padding-left-30px">Dst.Zone = LAN</P> <P class="lia-indent-padding-left-30px">Dst.Address = 10.0.0.0/8</P> <P class="lia-indent-padding-left-30px">Action = Allow</P> <P>&nbsp;</P> <P>Update the above Security Policies to allow what you want based on your internal security requirements. You will also want to modify your Security and NAT Policies for Internet access from the new VLAN:</P> <P class="lia-indent-padding-left-30px">Name = Allow traffic to Internet</P> <P class="lia-indent-padding-left-30px">Src.Zone = LAN, nueva_LAN</P> <P class="lia-indent-padding-left-30px">Src.Address = 10.0.0.0/8, 192.168.200.254/24</P> <P class="lia-indent-padding-left-30px">Dst.Zone = INTERNET</P> <P class="lia-indent-padding-left-30px">Dst.Address = any</P> <P class="lia-indent-padding-left-30px">Action = Allow</P> <P>&nbsp;</P> <P>You do not need to add anything to the routing table unless you have created multiple routing tables and put the nueva_LAN interface in a different table.</P> Fri, 17 Mar 2023 23:52:58 GMT https://live.paloaltonetworks.com/t5/general-topics/communication-between-2-segments-in-2-zones-diferents/m-p/534929#M110051 Adrian_Jensen 2023-03-17T23:52:58Z https://live.paloaltonetworks.com/t5/general-topics/communication-between-2-segments-in-2-zones-diferents/m-p/534930#M110052 <P>very thanks</P> Sat, 18 Mar 2023 00:00:08 GMT https://live.paloaltonetworks.com/t5/general-topics/communication-between-2-segments-in-2-zones-diferents/m-p/534930#M110052 Fipaterm 2023-03-18T00:00:08Z