Could you please suggest how to find Relevant Zone for an IP addresses in V Wire mode. When configuring security policy, we need to mention the source and destination zone.
We've PA firewalls only configured in Vwire with multiple zones.
Please suggest is there any way we could check it from GUI or from CLI an relevant zone for an IP address.
When confuring access rules we'll be specifying the zones for the source and destination addresses. In L3 mode, we'll find the appopriate zones by looking at the Routing table.
Since Vwire acts as bump in the wire (L2) and no routing table is populated, not sure how to calcuate the zones for the source and destination addresses.
Could you please assist.
I guess generally most people would just know this information without having to look it up. You could put the IPs in as a comment on the associated interface; or you could set them up in the User-ID 'Included Networks' for that zone.
I have always used a special zone for vwires, that way since traffic is flowing 'between' zones, I can create policies around it to allow/block specific traffic, etc. Here is a guide that may help out.
I usually use vwires for external devices, say video conference equipment. Then I create zones for the vwire, vwire-external and vwire-internal. Then just create your policies on source and/or desitnation zones.
Hope that helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!