Layer 3 Subinterfaces VM-Series Firewalls VLAN 4095

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Layer 3 Subinterfaces VM-Series Firewalls VLAN 4095

L4 Transporter

When it comes to vm series firewalls, Layer 3 subinterfaces, trunks and port groups, are there any downsides/catches/cautions to setting the ESXI port group to use vlan 4095 (trunk), and then simply utilize layer 3 subinterfaces on the vmseries firewalls with 1 NIC?  Article noted below, using just like a normal trunk if I understand correctly? Seems to work as expected as long as I have the TAG number on the firewalls interface.  Wondering if anyone has had problematic experiences with a setup like this?  I don't think we've ever used a trunk interface marked as 4095 going to anything.   Plenty of switching trunks and cisco routers on a stick, but never from an ESXI host trunking to a virtualized palo alto with layer 3 interfaces.   Should work as expected? 

 

https://kb.vmware.com/s/article/1004252

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

it kinda depends on the 'size' of your vm. The larger vm's (700) spread the load over their internal CPU cores based on the source interface, which could be a limiting factor if you put everything on  a single interface. other than that there shouldn't be any issues

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

2 REPLIES 2

Cyber Elite
Cyber Elite

it kinda depends on the 'size' of your vm. The larger vm's (700) spread the load over their internal CPU cores based on the source interface, which could be a limiting factor if you put everything on  a single interface. other than that there shouldn't be any issues

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper 

-pleasure hearing from you.  Very good to know!

  • 1 accepted solution
  • 4262 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!