When migrating rules from MS-TMG to PAN I have encountered the following situation:
a. web server A is in private dmz zone
b. web server B is in inside zone
Both are listening on port 80. The problem is that both are published on the same public IP address. This is supported on TMG, with some kind of URL forwarding, but I don't know if PAN can support this kind of design.
I tried to create port forwarding but one rule shadows the other, even with PBF.
As far as I know PA doesn't support load balancing based on content (for that purpose use F5 or similar devices which you can place behind a PA).
So in your case you have to either:
1) Server A gets publicip:TCP80, Server B gets publicip:TCP81 (or whatever port you want to use).
2) Server A gets publicip1:TCP80, Server B gets publicip2:TCP80.
Your options are OK, I had them in mind, but I hoped that PA had some similar feature like TMG to ease migration procedures. I'll get back with results after I do some more tests.
Definitely what TMG does is not possible with a PA, and mikand's answer provides the only choices we have to migrate TMG. The company I'm working for also has a TMG and I've got to handle the migration coming soon.
I've talked this issue through with an SE from PAN to get a definite answer on this.