02-07-2018 06:23 AM
hi everyone,
we have a pa200 with three L3 interfaces currently in use:
eth 1/1 - untrust - dynamic ip
eth 1/2 - trust - 192.168.18.1/24
eth 1/3 - dmz - 10.10.10.254/24
eth 1/4 - currently unused
Now we would like to configure eth 1/4 just like eth 1/2, meaning it should be a further interface in the trust zone.
I know it would be simplest to just connect eth 1/2 to a switch, but unfortunately this is a far away remote location and not an option at this time. What is the smartest way to accomplish this?
Thank you in advance for you help!
02-07-2018 02:37 PM
Hello,
That should work, and there could be several ways (community please keep me honest)
1. Set eth1/4 as a layer3 interface on the trust zone, the IP would have to be different than eth1/2 and the device plugged into eth 1/4 would have a gateway of the eth 1/4 IP.
2. Change the interface type on eth 1/2 to layer2 and make a layer3 vlan with the IP address of the current eth1/2 interface. then make eth 1/4 layer2 in the same zone. Then both devices plugged into eth 1/2 and 1/4 will have the same gateway, i.e. the vlan ip address.
Hope this makes sense.
02-07-2018 07:27 AM
I know it would be simplest to just connect eth 1/2 to a switch
did you mean....
I know it would be simplest to just connect eth 1/4 to a switch
or am i missing something here...
02-07-2018 07:51 AM
@Mick_Ball thank you for your feedback. Sorry if what i wrote was a bit misleading. Actually we just want an additional interface (eth 1/4) in the trustzone. So in general i'm wondering if more than one interface can be in the same zone. And if so, how is that accomplished?
02-07-2018 07:58 AM
yes you can have multiple interfaces in the same zone...
just go to network/zones.... select your trust zone and "add".
you will not be able to add the new L3 interface 1/4 until it has been configured in Network/Interfaces.
02-07-2018 02:37 PM
Hello,
That should work, and there could be several ways (community please keep me honest)
1. Set eth1/4 as a layer3 interface on the trust zone, the IP would have to be different than eth1/2 and the device plugged into eth 1/4 would have a gateway of the eth 1/4 IP.
2. Change the interface type on eth 1/2 to layer2 and make a layer3 vlan with the IP address of the current eth1/2 interface. then make eth 1/4 layer2 in the same zone. Then both devices plugged into eth 1/2 and 1/4 will have the same gateway, i.e. the vlan ip address.
Hope this makes sense.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
