This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Interface in vsys

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Interface in vsys

rjdahav163
L3 Networker

‎11-28-2017 04:00 AM

Hello

 

this may sound like a stupid question but i could not somehow find a definitive answer to this in the PAN OS Guide:

 

We have to configure a 3050 iun multi-vsys configuration. We would be needing 2 interfaces per vsys and we wil be having 2 vsys only. All the interfaces wil be L3.

 

Regarding "physical" interface assignment, what is ALLOWED and recommended?

 

1. One physical interface assigned to one vsys. No sharing of interfaces.

 

OR

 

2. One physical interface without subinterfaces added in both the vsys. (Not sure if it is allowed)

 

OR

 

3. Subinterfaces created on one interface and then each subinterface to be assigned for each vsys. (We dont have any vlan tagging actually.)

 

(P.S. Option 1 is feasible but we would also like to spare physical interfaces for future use.)

 

Thanks and Regards

R

0 Likes Likes
1 REPLY 1

reaper
Cyber Elite
Cyber Elite

‎11-28-2017 04:48 AM

a single interface can only belong to one vsys, subinterfaces are counted as separate entities

 

so in your scenario where you'll only have 2 interfaces per vsys and only 2 vsys, you'd be set with 4 interfaces in total, so there's plenty of room to work with

 

but what does your network look like, are the 2 network environments also split up in vlans on one physical switching environment or are does each network have their own physical switch?

 

Sharing a single physical interface over multiple sub-interfaces makes management more wasy as you'll only need to manage a trunk from the switch and add tagged subinterfaces, but may impose bandwidth restrictions as all the subinterfaces share the same physical interfaces (this in itself can be fixed by creating aggregate interfaces.

 

#1 is a viable option, option #2 is not possible, option #3 will require you to start using vlan tagging, but will spare the number of physical interfaces used and allows for easy future expansion

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes
  • 1737 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks