I'm looking to create 2 DMZs on the PAN as separate networks. This is how I have it envisioned and would appreciate any feedback.
1. configure two layer 3 interfaces with GW IP assigned
2. assign security zone to each interface
3. attach each interface to existing VR
4. route internal dmz address networks to each interface in VR
5. set security and nat policies as appropriate
I know I could configure the interfaces as layer 2 as spelled out in the L2 networking pdf, but I'm unable to do that in this situation. Are there any considerations I should be aware of? My existing VR is used for VPN tunnels only. Should I consider a separate VR?
As per the description, I am assuming you might be doing the following:
1) Trying to add an L3 interface and an L2 interface in the same DMZ zone: this might not be possible because zones are defined based on zone type. They should be either layer 3, layer 2, vwire, or tap; we cannot create a combination of them.
2) If the above assumption is wrong, the next thing I can assume is that you are trying to configure two DMZ zones with the same name, one for layer 3 and another for layer 2. That would also not be possible because, by design, we cannot have two zones with the same name even though they are of different types.
Let us know if you are trying something else; we will try our best to respond to you as soon as possible.