https://live.paloaltonetworks.com/t5/general-topics/multiple-dmz-setup-question/m-p/2955#M2195 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>I'm looking to create 2 dmz's on the PAN as separate networks.&nbsp; This is how I have it envisioned and would appreciate any feedback.</P><P>1. configure two layer 3 interafaces with GW IP assigned<BR />2. assign security zone to each interface<BR />3. attach each interface to existing VR<BR />4. route internal dmz address networks to each interface in VR<BR />5. set security and nat policies as appropriate</P><P>I know I could configure the interfaces as layer 2 as spelled out in the L2 networking pdf, but I'm unable to do that in this situation.&nbsp; Are there any considerations I should be aware of?&nbsp; My existing VR is used for VPN tunnels only.&nbsp; Should I consider a separate VR?</P><P></P><P>Thanks,<BR />Ian</P></BODY></HTML> Fri, 05 Oct 2012 16:57:33 GMT iguarino 2012-10-05T16:57:33Z https://live.paloaltonetworks.com/t5/general-topics/multiple-dmz-setup-question/m-p/2955#M2195 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>I'm looking to create 2 dmz's on the PAN as separate networks.&nbsp; This is how I have it envisioned and would appreciate any feedback.</P><P>1. configure two layer 3 interafaces with GW IP assigned<BR />2. assign security zone to each interface<BR />3. attach each interface to existing VR<BR />4. route internal dmz address networks to each interface in VR<BR />5. set security and nat policies as appropriate</P><P>I know I could configure the interfaces as layer 2 as spelled out in the L2 networking pdf, but I'm unable to do that in this situation.&nbsp; Are there any considerations I should be aware of?&nbsp; My existing VR is used for VPN tunnels only.&nbsp; Should I consider a separate VR?</P><P></P><P>Thanks,<BR />Ian</P></BODY></HTML> Fri, 05 Oct 2012 16:57:33 GMT https://live.paloaltonetworks.com/t5/general-topics/multiple-dmz-setup-question/m-p/2955#M2195 iguarino 2012-10-05T16:57:33Z https://live.paloaltonetworks.com/t5/general-topics/multiple-dmz-setup-question/m-p/2956#M2196 <HTML><HEAD></HEAD><BODY><P>You are in the right path, can you please brief the problem you are facing with the config ?. Are u not able to configure L3 interfaces or what is the problem that you are facing?&nbsp; You do not need two VR's for this. One virtual router should be fine.</P><P>Thanks,</P><P>Sandeep T</P></BODY></HTML> Fri, 05 Oct 2012 20:31:50 GMT https://live.paloaltonetworks.com/t5/general-topics/multiple-dmz-setup-question/m-p/2956#M2196 sdurga 2012-10-05T20:31:50Z https://live.paloaltonetworks.com/t5/general-topics/multiple-dmz-setup-question/m-p/2957#M2197 <HTML><HEAD></HEAD><BODY><P>Hi Ian,</P><P></P><P>As per the description, I am assuming you might be doing the following:</P><P></P><P>1) Tying to add L3 interface and L2 in the same DMZ zone: It might not be possible because the Zones are defined based on Zone type, they should be either layer 3 or layer 2 or vwire or tap, we can not create a combination out of it.</P><P></P><P>2) If the above assumption is wrong, the next thing I can assume is that you are trying to configure two DMZ zone with same name but one for layer 3 and another for layer 2, that would also not be possible because by design we can not have two zone with same name even though they are of different type.</P><P></P><P>Let us know if you are trying something else, we would try our best to respond you back as soon as possible.</P><P></P><P>Thanks,</P><P>Khubaib Alavi&nbsp; </P></BODY></HTML> Fri, 05 Oct 2012 23:22:45 GMT https://live.paloaltonetworks.com/t5/general-topics/multiple-dmz-setup-question/m-p/2957#M2197 kalavi 2012-10-05T23:22:45Z https://live.paloaltonetworks.com/t5/general-topics/multiple-dmz-setup-question/m-p/2958#M2198 <HTML><HEAD></HEAD><BODY><P>Thanks guys.&nbsp; The issue was a bad configuration on the vmhost side.&nbsp; I just wanted to get a sanity check on my side of the config.</P></BODY></HTML> Thu, 11 Oct 2012 12:58:41 GMT https://live.paloaltonetworks.com/t5/general-topics/multiple-dmz-setup-question/m-p/2958#M2198 iguarino 2012-10-11T12:58:41Z