2 IP ranges

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

2 IP ranges

L4 Transporter

In the Juniper and Cisco firewall configurations it is possible to route a second IP range to a firewall without having to add a second default route. Is this possible under 4.0.5?

My client is wanting to be able to failover between two data centers with pairs of 5020s at each site and Panorama for configuration management.

If this is possible, is it also possible to set up end points for the VPNs and SSL VPNs on both ranges?

Thanks

James

3 REPLIES 3

L4 Transporter

Hi James,

Could you describe how the Juniper or Cisco is configured in more detail?  I'm not sure I understand the configuration you are describing completely.  If we understand the existing configuration we may be able to come up with something.

Thanks,

Kelly

On the Cisco or Juniper configuration the ISP will forward/route the second range traffic to the IP of the firewall. You would then create static entries for NAT translation. It is also possible to set an interface IP address on the second range to connect VPN traffic.

The configuration suggestions I have seen on other questions involve having multiple gateways and using PBF. We would like to avoid PBF and multiple default routes so that we can float the SSL VPN and VPN traffic between sites.

Hi James,

So far it doesn't sound like anything the Palo Alto Firewall can't do.  You can have secondary IPs, Loopbacks, static NATs, etc available to you.  The routing functions are not too different in that respect from the other vendors.  The PBF design is to allow outbound failover without routing protocol.

Cheers,

Kelly

  • 2666 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!