I have two virtual routers configured on firewall. I would like to do exchange routes between virtual routers. How many ways I have - to do that other than just using static routes?
If your looking to pass traffic between VRs then you need to setup the static routes that would allow you to do so; if you don't have a reason to seperate out your network traffic I'm a little confused why you would use multiple VRs in the first place.
Gotcha, static routes are going to be the only way to accomplish this. Set the static routes and create the relevent security policies and you'll be good to go.
Thanks dear. Actually I have the scenario like in firewall I have two VR, VR-1 for one customer-1 and VR-2 for other customer. Both have same subnets (overlapping subnets) but going to internet from global table (trust-vr) interface (connected to internet router and doing the NAT). In Juniper SRX, the session is bind to VR. So if traffic is going from VR-1 to global table then reverse route lookup happens in VR-1 and global table does not need to have reverse static routes for VR-1 and VR-2. It seems Palo Alto firewall session is not bind to any VR.
Since VR-1 and VR-2 sharing same subnets. How can I define the reverse static routes in trust-vr for VR-1 and VR-2. Should I enable symmatric retrun? or any other solution
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!