08-15-2013 08:07 PM
Got a situation where the deployment requires (in very basic terms):
VWIRE1 = Ethernet1/1 and Ethernet1/2
VWIRE2 = Ethernet1/2 and Ethernet1/3
Now this is not exactly 'standard' practice - but is it possible?
08-15-2013 08:24 PM
This is not supported.
BR,
Karthik
08-15-2013 08:27 PM
No this deployment is not possible as the basic concept behind vwire is if we receive packets on one interface transmit the packet out the interface which belongs to the same vwire .So in your scenario if packet is received on eth1/2 it won't know which interface to transmit it out . And also the fw won't let you select eth1/2 to be part of the 2nd vwire.
08-19-2013 12:49 AM
Cant you do it with 2 different VSYS?
Like so:
--- VSYS1 ( VWIRE1 ( eth1/1 - eth1/2 ) ) --- VSYS2 ( VWIRE2 ( eth1/3 - eth1/4 ) ) ---
--- = physical cable
This way a cable goes into eth1/1, then another cable connects eth1/2 with eth1/3 and finally a third cable goes from eth1/4.
The drawback is of course that you will only have roughly half the number of concurrent sessions (because a single session will eat one entry in VSYS1 and a second entry in VSYS2).
08-19-2013 04:22 AM
good point,
so what will be the difference if you use 1 vsys 3 cable and 2 vwires
eth1 eth2
eth3 eth4
connect eth2 and eth3 with a cable ?
08-19-2013 02:49 PM
Interesting thought that 
Unfortunately dealing with a PA-500 - so no VSYS 
08-20-2013 05:43 AM
Would this work if you used Vwire sub interfaces on the eth1/2 interface?
VWire1 = 1/1 and eth1/2.10
Vwire2 = eth1/2.20 to Eth1/3?
You would essentially add a VLAN tag to the 2.10 interface, send it down to your router, which would then send it back to the FW on a different vlan (routing between vlans, what a concept) then the router forwards the traffic to the 2.20 interface and to eth 1/3?
Thoughts on this from the community please?
Thanks
08-20-2013 07:58 PM
Just a little bit of feedback in resolution of the problem encountered. Basically the actual issue never ended up being overlapping Vwires at all.
The actual issue was that VLANs on the network were not passing through - because the default behaviour of vwires is to allow untagged traffic through, not tagged!
So by going into the configuration of each of the vwires, and setting it to allow all tags, it all worked beautifully
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
