- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-01-2013 07:00 PM
I have an isp with 4 ip blocks then another with 3 ip blocks. I plug my 2 isp's in a switch then with only one cable from the switch to Palo Alto then from Palo Alto to my local network.
What I want to happen is that i can choose what isp i want to use by just changing the ip settings of my workstation.
See attached diagram.
08-01-2013 07:30 PM
Thanks for the reply. I have already tried creating sub interfaces but i am still unable to connect to the internet using the sub-interfaces i created in my trust network. I assumed that the policies are the same as with using a physical interface. Have you tried this setup?
08-01-2013 07:36 PM
Hi,
Please follow below mentioned documents for the same
https://live.paloaltonetworks.com/docs/DOC-2031( page no- 94)
Thanks
Subhankar
08-02-2013 09:39 AM
What mode is the paloalto in. If it is in layer 2 mode. Please refer to this guide, it explains and shows common different scenarios.
https://live.paloaltonetworks.com/docs/DOC-2011
Hope this helps.
Thanks
08-02-2013 11:12 AM
Good Afternoon,
Looking at the setup, we have two options to accomplish the seamless traffic flow, when changing the IP address and gateway on the client machines. Since there are 2 switches connecting upstream and downstream to the PANFW and having vlans configured under it ( they appear to be trunked ports), the easiest way to accomplish the routing is to
1) Configure the PANFW with the virtual wire setting, and passing all tagged traffic under it. With this setting the PANFW passes the frames of each of the vlan traffic, and once they reach the swtiches, the switches take the corresponding forwarding decision. To configure the PANFW as a vwire and pass the vlan tagged traffic, look follow the below link
https://live.paloaltonetworks.com/docs/DOC-2729
2) Another way is to configure the interfaces, connecting the upstream and the downstream switchports, as trunked ports on the PANFW and passing all the vlans part of the trunk. You may or may not configure the vlan interfaces for these vlans, as it would make more sense having the default gateway for the PCs configured under the upstream switches. Ensure that when you have layer 2 interfaces configured, you still have to assign them to a virtual router and a zone to pass the traffic
Hope that helps.
BR,
Karthik RP
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!