Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

how do I assign multiple networks/subnets using only one physical interface?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

how do I assign multiple networks/subnets using only one physical interface?

L0 Member

I have an isp with 4 ip blocks then another with 3 ip blocks. I plug my 2 isp's in a switch then with only one cable from the switch to Palo Alto then from Palo Alto to my local network.

What I want to happen is that i can choose what isp i want to use by just changing the ip settings of my workstation.

See attached diagram.

6 REPLIES 6

L7 Applicator

Hi,

You can create a Layer-3 subinterface and assign different IP address to them, hope it will help you.

Thanks

Subhankar

Thanks for the reply. I have already tried creating sub interfaces but i am still unable to connect to the internet using the sub-interfaces i created in my trust network. I assumed that the policies are the same as with using a physical interface. Have you tried this setup?

Hi,

Please follow below mentioned documents for the same

https://live.paloaltonetworks.com/docs/DOC-2031( page no- 94)

Thanks

Subhankar

L7 Applicator

Hi,

Could you please modify the layout with appropriate IP address, it will help me to understand the requirement more in details.

Thanks

Subhankar

L5 Sessionator

What mode is the paloalto in. If it is in layer 2 mode. Please refer to this guide, it explains and shows common different scenarios.

https://live.paloaltonetworks.com/docs/DOC-2011

Hope this helps.

Thanks

Good Afternoon,

Looking at the setup, we have two options to accomplish the seamless traffic flow, when changing the IP address and gateway on the client machines. Since there are 2 switches connecting upstream and downstream to the PANFW and having vlans configured under it ( they appear to be trunked ports), the easiest way to accomplish the routing is to

1) Configure the PANFW with the virtual wire setting, and passing all tagged traffic under it. With this setting the PANFW passes the frames of each of the vlan traffic, and once they reach the swtiches, the switches take the corresponding forwarding decision. To configure the PANFW as a vwire and pass the vlan tagged traffic, look follow the below link

https://live.paloaltonetworks.com/docs/DOC-2729

2) Another way is to configure the interfaces, connecting the upstream and the downstream switchports, as trunked ports on the PANFW and passing all the vlans part of the trunk. You may or may not configure the vlan interfaces for these vlans, as it would make more sense having the default gateway for the PCs configured under the upstream switches. Ensure that when you have layer 2 interfaces configured, you still have to assign them to a virtual router and a zone to pass the traffic

vlan-setting.JPG

Hope that helps.

BR,

Karthik RP

  • 5492 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!