Traffic redirection


L3 Networker

Hi,

I have a PA200 and I want to pass all users through this firewall, including those who connect over wireless.

How can I configure the PA to inspect wireless users?

Thanks in advance

Sarah

4 REPLIES

L6 Presenter

Please provide a network diagram if you can so we can review it.  Wireless users will come back to a wireless controller, and you would configure the controller to use the PA as its default gateway.  Or configure the PA200 in virtual-wire mode, and place the PA in the path between the controller and the Internet.

L6 Presenter

It depends on how the wireless users' traffic passes through...

If the only missing part is user ID, the solution will be different...

L7 Applicator

To pass the wireless users through the firewall, you will need to configure one of the interfaces to receive your wireless LAN connection and become the default gateway for that network.

Place this interface into its own zone so you can apply separate policies to the wireless users as compared to your normal business LAN.

You will then need a NAT policy for the wireless zone to the internet for their access out.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L4 Transporter

I'd create a v-wire interface on the Palo Alto (if you have two interfaces available) and connect the Wireless controller to one of the v-wire ports. Connect the second v-wire interface to your router. Traffic will come in from your controller through the v-wire interfaces to your router. All this traffic will be seen by the firewall.

If you don't have enough interfaces for v-wire then your default gateways will all need to be configured to live on the firewall. You can do this by creating VLANs on your network and VLAN tagging interfaces on the firewall. You'll need to configure routing on the firewall. I'd suggest, like Steven said, to create separate zones for better management.

My preference, however, would be to use v-wire. I think routing should be done on routers and traffic inspection on firewalls. That's just me though.
