09-27-2011 02:02 PM
In the Juniper and Cisco firewall configurations it is possible to route a second IP range to a firewall without having to add a second default route. Is this possible under 4.0.5?
My client is wanting to be able to failover between two data centers with pairs of 5020s at each site and Panorama for configuration management.
If this is possible, is it also possible to set up end points for the VPNs and SSL VPNs on both ranges?
Thanks
James
09-27-2011 02:36 PM
Hi James,
Could you describe how the Juniper or Cisco is configured in more detail? I'm not sure I understand the configuration you are describing completely. If we understand the existing configuration we may be able to come up with something.
Thanks,
Kelly
09-27-2011 03:09 PM
On the Cisco or Juniper configuration the ISP will forward/route the second range traffic to the IP of the firewall. You would then create static entries for NAT translation. It is also possible to set an interface IP address on the second range to connect VPN traffic.
The configuration suggestions I have seen on other questions involve having multiple gateways and using PBF. We would like to avoid PBF and multiple default routes so that we can float the SSL VPN and VPN traffic between sites.
09-27-2011 03:17 PM
Hi James,
So far it doesn't sound like anything the Palo Alto Firewall can't do. You can have secondary IPs, loopbacks, static NATs, etc. available to you. The routing functions are not too different in that respect from the other vendors. The PBF design is to allow outbound failover without a routing protocol.
Cheers,
Kelly