routing problems between wans and lan

L1 Bithead

I recently inherited a Palo Alto PA-3020 in a place I've been working, and I'm wondering if anyone would be able to help me out with a config error I've been having. I'm trying to get a setup like in the Visio diagram below, but there seem to be some routing issues. I will send a redacted config to anyone who responds. I would be looking for basically my LAN to use the port1 connection for outbound and my wifi networks to use the port2 networks for outbound.

[Attachment: Drawing1.png]


Accepted Solutions
L1 Bithead

Couple of questions on this - are you wanting both Wifi networks to go out the second connection, or just one of them? Secondly, are you needing either of them to be able to communicate with the wired network or vice versa?

You can try using a second virtual router, tying the wireless and the second internet connection to that rather than the default VR. If you need communication between wired and wireless, you can add routes between VRs. You'll still need to have your default routes, security policies, NAT policies, etc. for the traffic you're wanting. If the second interface is DHCP, you can configure the virtual router to automatically add it as the default route and pass the DNS settings through inheritance.

We have a setup like this for our guest wireless to go out a secondary connection, with static routes added to allow guests to use some conference room equipment.



All Replies
Cyber Elite

@kclarke6,

You could either accomplish this through routing statements, or you could do this with Policy-Based Forwarding. You can find additional information about PBF HERE

L1 Bithead

The issue I'm having, though, is I cannot get NAT working in the first place. Once I plug in that second WAN and commit my changes, no routing seems to be getting through.

L1 Bithead

I would like both wifi to go out the second interface. I will try this and see if it works, thanks. Right now I don't have any communication going from the wifi to our LAN, but it's good to keep that option open.

Cyber Elite

@kclarke6,

A separate VR would work properly as suggested by @jessica.davis. Either that or PBF or the proper routing statements. I personally prefer PBF/Routing because it's generally easier to explain to someone and easier to transition the environment to someone who may not have much experience with PAN.
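
The second-virtual-router layout suggested in the accepted answer, sketched as PAN-OS set commands. This is an added example, not a config posted by anyone in the thread. The interface numbers, zone names, rule names, the VR name VR-WIFI and all addresses are assumptions (documentation and private ranges), and it assumes the wired LAN and first WAN already sit in the VR named default.

```text
# Lines starting with # are annotations for the reader; enter only the
# set/delete lines in configure mode.
# Assumed layout: ethernet1/1 = WAN1 (port1), ethernet1/2 = WAN2 (port2),
# ethernet1/3 = wired LAN 10.0.10.0/24,
# ethernet1/4 and ethernet1/5 = WiFi 10.0.20.0/24 and 10.0.30.0/24.

# 1. An interface belongs to one VR only: move WAN2 and both WiFi
#    interfaces out of the default VR and into the second VR.
delete network virtual-router default interface ethernet1/2
delete network virtual-router default interface ethernet1/4
delete network virtual-router default interface ethernet1/5
set network virtual-router VR-WIFI interface [ ethernet1/2 ethernet1/4 ethernet1/5 ]

# 2. Each VR carries its own default route (gateway addresses are placeholders).
set network virtual-router default routing-table ip static-route default-wan1 destination 0.0.0.0/0 interface ethernet1/1 nexthop ip-address 192.0.2.1
set network virtual-router VR-WIFI routing-table ip static-route default-wan2 destination 0.0.0.0/0 interface ethernet1/2 nexthop ip-address 198.51.100.1

# 3. Zones for the WiFi side and the second uplink.
set zone WIFI network layer3 [ ethernet1/4 ethernet1/5 ]
set zone UNTRUST-WAN2 network layer3 [ ethernet1/2 ]

# 4. Source NAT for WiFi traffic, translated to the WAN2 interface address.
set rulebase nat rules wifi-out-wan2 from WIFI to UNTRUST-WAN2 source any destination any service any source-translation dynamic-ip-and-port interface-address interface ethernet1/2

# 5. Security policy allowing WiFi to the internet through WAN2 only.
set rulebase security rules wifi-to-internet from WIFI to UNTRUST-WAN2 source any destination any application any service application-default action allow

# 6. Optional, only if WiFi and wired must talk: routes between the VRs.
#    These give reachability only; traffic still needs a security rule
#    between the WIFI zone and the LAN zone, limited to the hosts required.
set network virtual-router VR-WIFI routing-table ip static-route to-lan destination 10.0.10.0/24 nexthop next-vr default
set network virtual-router default routing-table ip static-route to-wifi-a destination 10.0.20.0/24 nexthop next-vr VR-WIFI
set network virtual-router default routing-table ip static-route to-wifi-b destination 10.0.30.0/24 nexthop next-vr VR-WIFI
```

With step 6 left out, the two VRs have no route to each other's internal networks, which keeps the WiFi networks isolated from the wired LAN at the routing layer as well as in policy.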
