https://live.paloaltonetworks.com/t5/general-topics/two-l3-interfaces-on-one-zone/m-p/140416#M48270 <P>Yes, you can have both&nbsp;interfaces in the same security zone.</P><P>And then make rules based on security zones.</P><P>&nbsp;</P><P>((but you can't have same interface in multiple security zones))</P> Wed, 01 Feb 2017 08:12:44 GMT santonic 2017-02-01T08:12:44Z https://live.paloaltonetworks.com/t5/general-topics/two-l3-interfaces-on-one-zone/m-p/140303#M48257 <P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Question.jpg" style="width: 300px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/7544i550AE8BB1BF8006F/image-size/small/is-moderation-mode/true?v=v2&amp;px=200" role="button" title="Question.jpg" alt="Question.jpg" /></span></P><P>&nbsp;</P><P>&nbsp;Hi,</P><P>&nbsp;</P><P>&nbsp;</P><P>in the setup of the above diagram , I need to run OSPF on Paloalto between two Core-SWs, so I have to create two L3 interfaces &nbsp;Point to Point with the two SWs.</P><P>&nbsp;</P><P>the two core-SW is considered as inside for me , so from the prespective of routing it is okay.</P><P>but the issue on the polices, I have to create the polices duoble between two inside zones to outside.</P><P>&nbsp;</P><P>my question : &nbsp;is it possible to combine the two interfaces on one zone to use it on one policy ?</P><P>&nbsp;</P><P>I know that my question seems to be unusal but I need your suggestions on this setup ??</P><P>&nbsp;</P><P>Thanks&nbsp;</P><P>&nbsp;</P> Tue, 31 Jan 2017 18:48:16 GMT https://live.paloaltonetworks.com/t5/general-topics/two-l3-interfaces-on-one-zone/m-p/140303#M48257 Mohamed_Mabrouk 2017-01-31T18:48:16Z https://live.paloaltonetworks.com/t5/general-topics/two-l3-interfaces-on-one-zone/m-p/140416#M48270 <P>Yes, you can have both&nbsp;interfaces in the same security zone.</P><P>And then make rules based on security zones.</P><P>&nbsp;</P><P>((but you can't have same interface in multiple security zones))</P> Wed, 01 Feb 2017 08:12:44 GMT https://live.paloaltonetworks.com/t5/general-topics/two-l3-interfaces-on-one-zone/m-p/140416#M48270 santonic 2017-02-01T08:12:44Z https://live.paloaltonetworks.com/t5/general-topics/two-l3-interfaces-on-one-zone/m-p/140479#M48279 <P>When you create an interface under the 'config' tab you have to assign the interface a virtual router and a security zone. You would simply put the security zone into the same zone as the other interface and then build the rules out with the security zone that includes both interfaces.&nbsp;</P><P>As santonic mentioned what you&nbsp;<STRONG>can't</STRONG> do is include one interface in multiple security zones. So the same interface can't be assigned to both a 'trust' and a 'dmz' zone at the same time.&nbsp;</P> Wed, 01 Feb 2017 14:32:31 GMT https://live.paloaltonetworks.com/t5/general-topics/two-l3-interfaces-on-one-zone/m-p/140479#M48279 BPry 2017-02-01T14:32:31Z