Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

PAN OS 10, Two devices on different subnets in the same zone

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PAN OS 10, Two devices on different subnets in the same zone

L0 Member

We are running a Palo 5220. If we setup two different virtual interfaces with two different IP subnets in the same zone. Will I need to setup security policies to allow the two different subnets in a single zone to communicate. or will the Palo route traffic between subnets in the same zone with out any additional security policies?  

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@MantaIT,

By default, you wouldn't need to do anything to allow this traffic. It'll be caught by the intrazone-default policy and allowed without any action on your end. 

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

@MantaIT,

By default, you wouldn't need to do anything to allow this traffic. It'll be caught by the intrazone-default policy and allowed without any action on your end. 

Thank you very much, that was my thought, but it was not unanimous in our group. We are planning on setting up a test in our lab also, but I thought I could get a quick reply here also. You were a huge help. Thank you. 

L0 Member

I have a server subnet and a workstation subnet server subnet that we only want to specify communication from server to workstation and vise versa. Would a universal zone work just fine or should we create a server zone and workstation zone and then apply ACL communication? Is there a way to setup a zone with two different subnets in it and not have them talk, only thru ACL allow policy?

  • 1 accepted solution
  • 1325 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!