03-30-2015 06:47 AM
I need to set up a router from a vendor with an official IP address because it cannot use NAT. It will support a service from Miele called "Miele Logic".
Without setting this directly on the modem with a switch, I want to set this on an interface at the PA.
I have not figured out what kind of design is best practice to use?
04-07-2015 06:04 AM
I give up
Convincing vendor to change IP in order to set up NAT.
03-30-2015 02:56 PM
I'm not sure I follow the issue. But I think you are saying you need the Miele device to be on the public subnet but also behind the Palo Alto firewall.
For this application you could use a v-wire deployment. One side of the v-wire goes to the public untrust connection, the other to the Miele device. Since v-wire has no layer 3 profile, the device is both on the public subnet and also behind the firewall.
03-30-2015 11:26 PM
I considered both virtual wire and Layer 2 but this requires two interfaces?
But I have not been able to assign this to the Layer 3 untrusted interface.
I have configured a lot of Palo Alto but never with these settings.
The Palo Alto has replaced a SonicWALL firewall, and this device was configured in transparent mode.
03-31-2015 03:03 AM
v-wire is separate from any layer 3 usage on the device. So the two interfaces in a v-wire act like an Ethernet cable: one side connects to the untrusted device, the other to the protected device or network switch. Then anything that passes through the v-wire must have a rule.
This pair of interfaces will not participate in any layer 3 configuration on the Palo Alto. This is a "virtual wire" patch cable.
03-31-2015 03:13 AM
For the internet connection I have only the untrusted interface for internet.
There is only one interface on the modem. And I don't want to set up a switch either.