SD WAN using loopback on Palo Alto


L1 Bithead

I am configuring a hub for SD-WAN with VPN; however, this firewall currently has VPN tunnels to 3rd parties. Due to this, I am planning on using a separate WAN IP for SD-WAN. However, I do not have free ports on my firewall for this. Is it possible to configure an SD-WAN hub to use a NATted loopback? If so, I am not seeing any place to configure the SD-WAN interface profile for the loopback.

4 REPLIES

L2 Linker

In my similar situation, I used an untagged sub-interface to terminate non-SDWAN tunnel connections. 

Douglas Elliott
Security Implementation Engineer
delliott@sayers.com

Wouldn't this cause a conflict? If the parent interface has an IP of 1.1.1.1/24 and the sub-interface has an IP of 1.1.1.2/24, wouldn't that cause an issue?

I tried doing this but I am getting an ARP issue, can you please go into detail regarding this setup?

L1 Bithead

The capability to use multiple IPs on SD-WAN participating interfaces was introduced with 11.1.0+ and plugin 3.2, so make sure you use those versions as a minimum. Also, the SD-WAN terminating IP will need to be added first, then all additional IPs that you will have, up to 4.
You can't terminate SD-WAN on a loopback currently, only on Physical Ethernet, AE, or Ethernet or AE subinterface.

SR