Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-29-2022 06:41 AM
Hello All,
We are checking a corner case design where we have PA-3220 firewall with 9.1.14-h4 software version. It has 2 vSYS enabled already and we have simple setup: ISP_Router ---- L2 Switch ---- Firewall. The question I have: is it possible to use same subnet/same VLAN ID for subinterfaces between 2 vSYS?
For example we have a port-channel assigned to vSYS1, where we have subinterfaces like ae1.101, ae1.102 and ae1.103.
We want to create another subinterface for example on port Ethernet1/15, which will look like Ethernet1/15.101, which will be assigned to vSYS2. Also we want Ethernet1/15.101 to have same subnet as ae1.101, but of course with different IP address. For example 1.1.1.1/24 for ae1.101 and 1.1.1.2/24 for Ethernet1/15.101.
It looks like in 10.1.x such configuration will be at least accepted by firewall. As we have no lab 9.1.14 to try it, can you tell me if such setup supposed to be working on 9.1.14?
Thanks!
09-30-2022 07:54 AM
From what you've described there's no reason that this wouldn't work on 9.1. You aren't sharing anything in this case, it's logically a different system and the fact that there's an overlap doesn't matter as long as you aren't trying to do anything with inter-vsys routing that you'd have to take into account.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
