01-02-2020 11:51 AM
Hi,
I have many sites with different network infrastructure in different countries and I would like to deploy Palo Alto firewalls below the WAN link. Please help me to decide the method of Palo Alto firewall deployment, L3 or vwire, in an existing network infrastructure.
I have been assigned to study the infrastructure, decide between L3 and vwire, and give the justifications for my decision.
Thanks.
01-02-2020 02:04 PM
Hello,
It really depends on the overall architecture and how the current pieces will play what roles or be removed in the future. VWire is good if you want to wait and see what traffic is going through the PAN or if the current network pieces will remain in place and perform the routing. My personal preference is KISS, minimal parts and simple design. So I would say VWire to get the PANs in and set up your policies. Then move to a layer 3 approach.
Here are a few articles that may help out:
Cheers!
01-02-2020 04:33 PM
@Parthipan wrote:
Hi,
I have many sites with different network infrastructure in different countries and I would like to deploy Palo Alto firewalls below the WAN link. Please help me to decide the method of Palo Alto firewall deployment, L3 or vwire, in an existing network infrastructure.
I have been assigned to study the infrastructure, decide between L3 and vwire, and give the justifications for my decision.
Thanks.
The one thing to consider is the requirements and limitations or complications of either deployment. I know vwire deployments can't do some things that other deployments can (maybe only an L3-type deployment, but I'm not sure).
For instance, from this Palo page:
"You wouldn’t use a virtual wire deployment for interfaces that need to support switching, VPN tunnels, or routing because they require a Layer 2 or Layer 3 address."
01-06-2020 08:32 PM
Personally, I suggest using L3 instead of the vwire.
A reference site: https://www.linkedin.com/pulse/palo-alto-networks-firewall-vwire-mode-alberto-rivai
vwire is proven to be useful in an environment where you do not want or cannot change any L3 domain.