NATting to a VM PAN secondary gateway behind a physical PAN


L3 Networker

I've added a VM PAN to allow more GlobalProtect connections. It's working well for my cert-based GP users.

In the example below GP connects to, the 3220 PAN NATs that to an address on its DMZ and the tunnels for like a champ. The Portal and Gateway are configured with the IP of the external IP of the VM PAN


Internet----------[PAN3220]NAT-----[VM PAN]


In this scenario - what would be an option for adding a second portal and gateway, say for on-demand SAML-based VPN? Add a loopback at a new private IP say on a loopback and add a route to the PAN 3220 to reach it via the outside of the VM PAN? And add a NAT at the 3220 say>

Or add the NAT at the VM PAN say - > (on say Lo1)? 


Thank you.


  • 0 replies