- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-26-2018 01:22 PM
I recently inherited a Palo Alto PA-3020 in a place i've been working and I'm wondering if anyone would be able to help me out on a config error i've been having I'm trying to get a setup like in the visio diagram below but there seems to be some routing issues. I will send a redacted config to anyone who responds. I would be looking for basically my lan to use the port1 connection for outbound and my wifi networks to use the port2 networks for outbound
09-26-2018 02:11 PM
Couple of questions on this - are you wanting both Wifi networks to go out the second connection, or just one of them? Secondly, are you needing either of them to be able to communicate with the wired network or vice versa?
You can try using a second virtual router, tying the wireless and the second internet connection to that rather than the default VR. If you need communication between wired and wireless, you can add routes between VRs. You'll still need to have your default routes, security policies, NAT policies, etc. for the traffic you're wanting. If the second interface is DHCP, you can configure the virtual router to automatically add it as the default route and pass the DNS settings through inheritence.
We have a setup like this for our guest wireless to go out a secondary connection, with static routes added to allow guests to use some conference room equipment.
09-26-2018 02:00 PM
the issue I'm having thought is I can not get NAT working in the first place once I plug that second wan and commit my changes no routing seems to be getting through
09-26-2018 02:11 PM
Couple of questions on this - are you wanting both Wifi networks to go out the second connection, or just one of them? Secondly, are you needing either of them to be able to communicate with the wired network or vice versa?
You can try using a second virtual router, tying the wireless and the second internet connection to that rather than the default VR. If you need communication between wired and wireless, you can add routes between VRs. You'll still need to have your default routes, security policies, NAT policies, etc. for the traffic you're wanting. If the second interface is DHCP, you can configure the virtual router to automatically add it as the default route and pass the DNS settings through inheritence.
We have a setup like this for our guest wireless to go out a secondary connection, with static routes added to allow guests to use some conference room equipment.
09-26-2018 02:19 PM
I would like both wifi to go out the scond interface I will try this and see if it works thanks, right now I dont have any communication going from the wifi to our lan but its good to keep that option open
09-26-2018 06:01 PM
A seperate VR would work properly as suggested by @jessica-davis. Either that or PBF or the proper routing statements. I personally prefer PBF/Routing because it's generally easier to explain to someone and easier to transition the enviroment to someone who may not have much experiance with PAN.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!