Plz i need ansewr as soon as possible, can i apply the security policy rule on vlans ? for exepmle let vlan 10 connect to facebook, but bloc facebook for vlan20 ??
Short answer is yes you can. Does the different vlans have different zones ?
If they do just apply the src zone as required in your rules.
If they don't can seperate it using an address object range if the vlans have different subnets.
here's a link of a guy setting up a pa-200, using vlans and rules for the vlan
here's a link for creating address range if no seperate zones for the vlans
thank you very much brothers
i still have some questions plz, we have 2 scénarios in our deployment:
1-creating the vlan in PaloAlto firwall, and then manage it from the firewall.
2-or create the vlans on the cisco switch, in this case can the firwall apply the security rule on the vlans created in cisco switch ? (Important question).
witch of the this 2 sénarios is the best practice ??
plz if it's possible give me what the advantage/disadvantage of creating vlan on paloalto and not on cisco switch !!
and what the advantage/disadvantage of creating vlan on cisco switch and not on paloalto !!
Personally, I don't think it's a matter of which is best practice ...
Both are valid ways to configure. You'll just need to decide on a design that best fits your network and configure the firewall/switch accordingly.
thnk for you ansewr bro :)
Then if i create the vlans on the cisco switch, in this case can the firwall apply the security rule on the vlans created in cisco switch ?
Thank very much for help!
this tutorial is very nice, but i have a question, i see in the toturial that we must give an ip adresse for the vlan(in paloalto), this adresse ip is the same that i gave it to this vlan when i created in cisco switch ?
ex: i create a vlan10 on cisco switch with ip adresse: 10.1.1.1/24, then i must create a subinterface in palo alto with the tag 10, and the adresse ip : 10.1.1.1/24 ??
thanks a lot
someone asked a similiar question below here; [check out the comments at the bottom]
generally can always test it one way or the other if not sure. best way to learn aswell.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!