https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-the-firewall-so-that-all-traffic-goes-in-and/m-p/196374#M58494 <P>If all your internal servers will get a private IP on their physical interface and have the firewall perform NAT, then your layer3 design will work perfectly</P> <P>If it is your intention to assign each host a public IP on it's interface, then you may need to consider a vwire or layer2 design</P> Tue, 23 Jan 2018 10:47:49 GMT reaper 2018-01-23T10:47:49Z https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-the-firewall-so-that-all-traffic-goes-in-and/m-p/196349#M58490 <P>Hello, everybody.</P><P>&nbsp;</P><P>I am configuring a VM-300 Virtual Firewall on a KVM installed in CentOS.</P><P>&nbsp;</P><P>The dedicated server where the virtual firewall is installed has two network cards.</P><P><BR />One of which connects to the Internet and the other with which it connects to a switch to which other servers are connected.</P><P>&nbsp;</P><P>My intention is for all incoming and outgoing traffic to pass through the firewall.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="DRAW.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/13362i273F64AA63B56DCE/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="DRAW.png" alt="DRAW.png" /></span></P><P>&nbsp;</P><P>Certainly all servers, have their own public ip, and their future virtualized systems in them will also have their public ips.</P><P>&nbsp;</P><P>Can someone please tell me what kind of configuration would be appropriate for this scenario?</P><P>For the moment, without being very sure I have thought that I should follow a Layer3 configuration, and I am doing steps as they are referred to in this guide.</P><P>&nbsp;</P><P><A title="Getting-Started-Layer-3-NAT-and-DHCP" href="https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Layer-3-NAT-and-DHCP/ta-p/66999" target="_blank">Getting-Started-Layer-3-NAT-and-DHCP</A></P><P>&nbsp;</P><P>Am I on the right track or will this guide not apply to my scenario?</P><P>&nbsp;</P><P>Greetings and thanks</P> Tue, 23 Jan 2018 08:23:08 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-the-firewall-so-that-all-traffic-goes-in-and/m-p/196349#M58490 javihere 2018-01-23T08:23:08Z https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-the-firewall-so-that-all-traffic-goes-in-and/m-p/196374#M58494 <P>If all your internal servers will get a private IP on their physical interface and have the firewall perform NAT, then your layer3 design will work perfectly</P> <P>If it is your intention to assign each host a public IP on it's interface, then you may need to consider a vwire or layer2 design</P> Tue, 23 Jan 2018 10:47:49 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-the-firewall-so-that-all-traffic-goes-in-and/m-p/196374#M58494 reaper 2018-01-23T10:47:49Z