09-26-2023 12:39 PM
We are running a Palo 5220. If we set up two different virtual interfaces with two different IP subnets in the same zone, will I need to set up security policies to allow the two different subnets in a single zone to communicate? Or will the Palo route traffic between subnets in the same zone without any additional security policies?
09-26-2023 12:44 PM
By default, you wouldn't need to do anything to allow this traffic. It'll be caught by the intrazone-default policy and allowed without any action on your end.
09-26-2023 12:56 PM
Thank you very much, that was my thought, but it was not unanimous in our group. We are planning on setting up a test in our lab also, but I thought I could get a quick reply here also. You were a huge help. Thank you.
06-08-2024 11:08 PM
I have a server subnet and a workstation subnet, and we only want to specify communication from server to workstation and vice versa. Would a universal zone work just fine, or should we create a server zone and a workstation zone and then apply ACL communication? Is there a way to set up a zone with two different subnets in it and not have them talk, only through an ACL allow policy?
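The intrazone-default behaviour described in the accepted reply, as an added example that is not part of any post in this thread: a simplified Python model of top-down, first-match zone policy evaluation with the two predefined default rules. It is not PAN-OS code; the subnets, zone names and the `block-ws-to-srv` rule are constructed, and stateful return traffic is not modelled.

```python
"""Simplified model of zone-based, first-match security policy evaluation.
Constructed for illustration; not PAN-OS code or configuration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed lab layout: two subnets whose interfaces share one zone.
INTERFACE_ZONES = {
    ip_network("10.10.1.0/24"): "internal",    # hypothetical server subnet
    ip_network("10.10.2.0/24"): "internal",    # hypothetical workstation subnet
    ip_network("198.51.100.0/24"): "untrust",  # hypothetical outside subnet
}

@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str
    dst_net: str
    action: str

def zone_of(ip):
    """Map an address to the zone of the interface subnet that contains it."""
    addr = ip_address(ip)
    for net, zone in INTERFACE_ZONES.items():
        if addr in net:
            return zone
    raise ValueError(f"no zone for {ip}")

def evaluate(rules, src, dst):
    """Return (rule_name, action) for the first matching rule, top-down."""
    sz, dz = zone_of(src), zone_of(dst)
    for r in rules:
        if ((r.src_zone, r.dst_zone) == (sz, dz)
                and ip_address(src) in ip_network(r.src_net)
                and ip_address(dst) in ip_network(r.dst_net)):
            return r.name, r.action
    # No explicit match: fall through to the predefined default rules.
    if sz == dz:
        return "intrazone-default", "allow"
    return "interzone-default", "deny"

# Explicit same-zone rule placed above the defaults (constructed example).
BLOCK_WS_TO_SRV = [Rule("block-ws-to-srv", "internal", "internal",
                        "10.10.2.0/24", "10.10.1.0/24", "deny")]
```

With an empty rulebase, traffic between the two subnets in `internal` is allowed by `intrazone-default`; an explicit rule whose source and destination zone are both `internal` is matched first and takes precedence.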