pa200 two interfaces in same zone

Reply
L0 Member

pa200 two interfaces in same zone

hi everyone,

 

we have a pa200 with three L3 interfaces currently in use:

 

eth 1/1 - untrust - dynamic ip

eth 1/2 - trust - 192.168.18.1/24

eth 1/3 - dmz - 10.10.10.254/24

eth 1/4 - currently unused

 

Now we would like to configure eth 1/4 just like eth 1/2, meaning it should be a further interface in the trust zone.  

I know it would be simplest to just connect eth 1/2 to a switch, but unfortunately this is a far away remote location and not an option at this time. What is the smartest way to accomplish this?

 

Thank you in advance for you help!

L6 Presenter

Re: pa200 two interfaces in same zone

@RobertNiehus

I know it would be simplest to just connect eth 1/2 to a switch

 

did you mean....

I know it would be simplest to just connect eth 1/4 to a switch

 

 

or am i missing something here...

L0 Member

Re: pa200 two interfaces in same zone

@MickBall thank you for your feedback. Sorry if what i wrote was a bit misleading. Actually we just want an additional interface (eth 1/4) in the trustzone. So in general i'm wondering if more than one interface can be in the same zone. And if so, how is that accomplished? 

 

L6 Presenter

Re: pa200 two interfaces in same zone

yes you can have multiple interfaces in the same zone...

 

just go to network/zones....    select your trust zone and "add".

 

you will not be able to add the new L3 interface 1/4 until it has been configured in Network/Interfaces.

 

 

L7 Applicator

Re: pa200 two interfaces in same zone

Hello,

That should work, and there could be several ways (community please keep me honest)

 

1. Set eth1/4 as a layer3 interface on the trust zone, the IP would have to be different than eth1/2 and the device plugged into eth 1/4 would have a gateway of the eth 1/4 IP.

 

2. Change the interface type on eth 1/2 to layer2 and make a layer3 vlan with the IP address of the current eth1/2 interface. then make eth 1/4 layer2 in the same zone. Then both devices plugged into eth 1/2 and 1/4 will have the same gateway, i.e. the vlan ip address.

 

Hope this makes sense.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!