03-16-2023 09:37 AM
Using our pa firewall connected to our ISP modem (in bridge mode) its working fine. But I have a zone called guest that I want to have dhcp clients on that will be separate from my trust network. I want to be able to have those guests on DHCP from the Palo. Do I configure that guest interface as L3 or Vlan?
03-16-2023 10:07 AM
Hello,
I prefer to have my physical interfaces as layer 2 and have the layer 3 interface as the vlan, but its only my preference. Your DHCP will be configured on the interface you choose as your layer3 interface for that vlan.
Regards,
03-16-2023 10:21 AM
If it is small location where you don't have dedicated switch and you need multiple Palo physical interfaces to be in same subnet then it makes sense to use Layer 2.
Otherwise Layer 3 is always simpler and cleaner setup.
03-16-2023 10:47 AM
There is a dedicated L3 switch and the guest network will be separate from our inside LAN. So I have to make L2 vlan on the L3 switch and have that L2 vlan connect to the PA guest interface?
03-16-2023 11:02 AM
I assume that you will configure guest network default gateway IP on Palo and not on switch so your switch' L3 capability don't play any role here.
But in general yes your steps are correct.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
