This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Limitations in virtual wire mode?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Limitations in virtual wire mode?

efellows
L1 Bithead

‎11-18-2013 12:24 AM

Hello all,

I've checked all docs and guides and did not find any documented limitations (such as features not available) when PA is deployed in virtual wire mode. Does this mean that ALL possible features are available both in routed and VWire mode?

For example: if I deploy PA in VWire mode between the Internet router and a L3 Core switch with multiple VLANs. This means that the actual clients/users will not be in the same broadcast domain where the PA is sitting. Nevertheless PA has no IP addresses set, therefore no routing table at all. Should this affect somehow at least some of the features? For example if the PA has to send a TCP reset to a client/server in the inside BEHIND the core swtich. Will this be routed/forwarded properly when there's no routing table at all?

The above was just an example, there might be many more similar cases.

Thanks in advance!

Labels:
0 Likes Likes
5 REPLIES 5

VinceM
L5 Sessionator

‎11-18-2013 06:23 AM

Hi efellows,

As you write in your question, in Vwire, plao has no IP on interface. Mean it's fully transparent. No routing not NAT no ..... just TRANSPARENT, this is the aim for transparent mode.

For some reason, some feature can be supported in this mode like NAT ... but it's really particular need and not very clean deployment.

Please see: https://live.paloaltonetworks.com/docs/DOC-5725

Hope help

V.

0 Likes Likes

efellows
L1 Bithead
In response to VinceM

‎11-19-2013 01:46 AM

Yes, NAT is an obvious example of a feature that is not supported. My question is: Is there an official and complete list of all such features?

P.S. The link you've provided says "Unauthorized"

0 Likes Likes

jvalentine
L7 Applicator
In response to efellows

‎11-19-2013 07:37 AM

Actually PAN-OS supports v-wire NAT as of 4.1.  Please see attached tech note re: NAT

- Understanding PAN-OS NAT

0 Likes Likes

efellows
L1 Bithead
In response to jvalentine

‎11-21-2013 04:12 AM

OK, but still it would be rather helpful if there's somewhere a document describing (if any) features that are unsupported or have limitations in vwire mode. Or should we consider that there is absolute 1:1 feature parity between routed mode and vwire mode?

0 Likes Likes

VinceM
L5 Sessionator

‎11-21-2013 09:04 AM

Hi,

Here extract from training 🙂

vwire.GIF.gif

Hope help.

0 Likes Likes
  • 7130 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks