I've checked all docs and guides and did not find any documented limitations (such as features not available) when PA is deployed in virtual wire mode. Does this mean that ALL possible features are available both in routed and VWire mode?
For example: if I deploy PA in VWire mode between the Internet router and an L3 core switch with multiple VLANs. This means that the actual clients/users will not be in the same broadcast domain where the PA is sitting. Nevertheless, PA has no IP addresses set, therefore no routing table at all. Should this somehow affect at least some of the features? For example, if the PA has to send a TCP reset to a client/server on the inside BEHIND the core switch. Will this be routed/forwarded properly when there's no routing table at all?
The above was just an example, there might be many more similar cases.
Thanks in advance!
As you write in your question, in VWire, Palo has no IP on the interface. Meaning it's fully transparent. No routing, no NAT, no ..... just TRANSPARENT; this is the aim of transparent mode.
For some reason, some features can be supported in this mode, like NAT ... but it's a really particular need and not a very clean deployment.
Please see: https://live.paloaltonetworks.com/docs/DOC-5725