This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

trafic redirection

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

trafic redirection

atelcom
L3 Networker

‎01-28-2014 07:08 AM

Hi,

I have a PA200 and i want to pass all users by this firewall, include whos connect with wireless

how can i configure PA to inspect wireless users

thanks in advance

Sarah

Labels:
0 Likes Likes
4 REPLIES 4

rmonvon
L6 Presenter

‎01-28-2014 07:38 AM

Please provide a network diagram if you can so we can review it.  Wireless users will come back to a wireless controller, and you would configure the controller to use the PA as its default gateway.  Or configure the PA200 in virtual-wire mode, and place the PA in the path between the controller and the Internet.

0 Likes Likes

panos
L6 Presenter

‎01-28-2014 12:17 PM

it depends on how wireless users traffic passes through....

if only missing part is user id solution will be different...

0 Likes Likes

pulukas
L7 Applicator

‎01-28-2014 03:21 PM

To pass the wireless users through the firewall, you will need to configure one of the interfaces to receive your wirelss lan connection and become the default gateway for that network.

Place this interface into its own zone so you can apply separate policies to the wireless users as compared to your normal business lan.

You will then need a nat policy for the wireless zone to the internet for their access out.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

mario11584
L4 Transporter

‎01-29-2014 09:45 AM

I'd create a v-wire interface on the Palo Alto (if you have two interfaces available) and connect the Wireless controller to one of the v-wire ports. Connect the second v-wire interface to your router. Traffic will come in from your controller through the v-wire interfaces to your router. All this traffic will be seen by the firewall.

If you don't have enough interfaces for v-wire then your default gateways will all need to be configured to live on the firewall. You can do this by creating VLANs on your network and VLAN tagging interfaces on the firewall. You'll need to configure routing on the firewall. I'd suggest, like Steven said, to create separate zones for better management.

My preference, however, would be to use v-wire. I think routing should be done on routers and traffic inspection on firewalls. That's just me though.

0 Likes Likes
  • 2152 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks