https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35283#M25920 <HTML><HEAD></HEAD><BODY><P>I had a user error in the NAT <img id="smileysad" class="emoticon emoticon-smileysad" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-sad.png" alt="Smiley Sad" title="Smiley Sad" /> Thanks for your thoughts!&nbsp; Plus I ended up setting up a PBF rules as well.</P></BODY></HTML> Thu, 25 Jul 2013 02:12:08 GMT victorallen 2013-07-25T02:12:08Z https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35278#M25915 <HTML><HEAD></HEAD><BODY><P>Hi - What is the best method to setup a guest L3 network in PanOS?</P><P></P><P>UntrustA = Corporate</P><P>UntrustB= Guest Internet</P><P></P><P>wDMZ = Wireless DMZ for Guest Internet</P><P>trust = Corporate</P><P></P><P>Requirements =</P><P>1. wDMZ needs to get to a few specific IP's on UntrustA.</P><P>2. wDMZ needs to get to the Internet via UntrustB.</P><P></P><P>Initially I was thinking of a second vRouter? OR is policy based forwarding the way to go?</P><P></P><P>Thank you!</P></BODY></HTML> Sun, 21 Jul 2013 19:37:53 GMT https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35278#M25915 victorallen 2013-07-21T19:37:53Z https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35279#M25916 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If the UntrustB is used to route the Guest traffic to internet then you can use a secondary VR that has wDMZ and UntrustB.</P><P></P><P>You would need two routes in this VR</P><P></P><P>&gt; A default route to internet via untrustB for guest users to get to internet</P><P>&gt; A static route to get the corporate trust where the next hop would be type VR and value will be the primary VR.</P><P></P><P>The access from wDMZ to trust can be controlled using security polices than using routes.</P><P></P><P>Hope that helps.</P></BODY></HTML> Sun, 21 Jul 2013 21:13:22 GMT https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35279#M25916 dpalani 2013-07-21T21:13:22Z https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35280#M25917 <HTML><HEAD></HEAD><BODY><P>That is what I had, but Internet was not routing out UntrustB.&nbsp; DNS was routing fine to trust with policies.</P><P></P><P>I am not sure if some of my issue is with UntrustB using DHCP for it's IP address.</P><P></P><P>I had..</P><P></P><P>Zone wGuest</P><P>&gt; UntrustB</P><P>&gt; wDMZ</P><P></P><P>Static Route 0.0.0.0/0 UntrustB</P><P>Static Route (trust) x.x.x.x/24 Next - VR (trust)</P><P></P><P>I also had policy..</P><P></P><P>wDMZ to UntrustB allow everything.</P><P></P><P>Thanks for the reply!</P></BODY></HTML> Sun, 21 Jul 2013 21:36:19 GMT https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35280#M25917 victorallen 2013-07-21T21:36:19Z https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35281#M25918 <HTML><HEAD></HEAD><BODY><P>Do you have a NAT policy configured ? </P></BODY></HTML> Wed, 24 Jul 2013 13:21:15 GMT https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35281#M25918 dpalani 2013-07-24T13:21:15Z https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35282#M25919 <HTML><HEAD></HEAD><BODY><P>I agree with nat to confirme it </P><P>activate log at start sesion on your policy rule which have allow your traffic and</P><P>go to traffic log in monitor tab&nbsp; and check if you see incomplete application.</P><P>if yes that mean you send something but with no retourn back to you.</P><P>resolv that by source nat policy which change the client ip to the ip of your untrust interface (the ip gave by dhcp) </P><P></P><P>regards</P></BODY></HTML> Wed, 24 Jul 2013 16:32:29 GMT https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35282#M25919 Gregoux 2013-07-24T16:32:29Z https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35283#M25920 <HTML><HEAD></HEAD><BODY><P>I had a user error in the NAT <img id="smileysad" class="emoticon emoticon-smileysad" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-sad.png" alt="Smiley Sad" title="Smiley Sad" /> Thanks for your thoughts!&nbsp; Plus I ended up setting up a PBF rules as well.</P></BODY></HTML> Thu, 25 Jul 2013 02:12:08 GMT https://live.paloaltonetworks.com/t5/general-topics/guest-network-setup/m-p/35283#M25920 victorallen 2013-07-25T02:12:08Z