01-21-2021 02:36 PM - edited 01-21-2021 03:20 PM
When it comes to VM-Series firewalls, Layer 3 subinterfaces, trunks and port groups, are there any downsides/catches/cautions to setting the ESXi port group to use VLAN 4095 (trunk), and then simply utilizing Layer 3 subinterfaces on the VM-Series firewalls with 1 NIC? Article noted below, using just like a normal trunk if I understand correctly? Seems to work as expected as long as I have the tag number on the firewall's interface. Wondering if anyone has had problematic experiences with a setup like this? I don't think we've ever used a trunk interface marked as 4095 going to anything. Plenty of switching trunks and Cisco routers on a stick, but never from an ESXi host trunking to a virtualized Palo Alto with Layer 3 interfaces. Should work as expected?
01-21-2021 03:33 PM
It kinda depends on the 'size' of your VM. The larger VMs (700) spread the load over their internal CPU cores based on the source interface, which could be a limiting factor if you put everything on a single interface. Other than that there shouldn't be any issues.
01-21-2021 03:37 PM
Pleasure hearing from you. Very good to know!