Please provide a network diagram if you can so we can review it. Wireless users will come back to a wireless controller, and you would configure the controller to use the PA as its default gateway. Or configure the PA200 in virtual-wire mode, and place the PA in the path between the controller and the Internet.
To pass the wireless users through the firewall, you will need to configure one of the interfaces to receive your wirelss lan connection and become the default gateway for that network.
Place this interface into its own zone so you can apply separate policies to the wireless users as compared to your normal business lan.
You will then need a nat policy for the wireless zone to the internet for their access out.
I'd create a v-wire interface on the Palo Alto (if you have two interfaces available) and connect the Wireless controller to one of the v-wire ports. Connect the second v-wire interface to your router. Traffic will come in from your controller through the v-wire interfaces to your router. All this traffic will be seen by the firewall.
If you don't have enough interfaces for v-wire then your default gateways will all need to be configured to live on the firewall. You can do this by creating VLANs on your network and VLAN tagging interfaces on the firewall. You'll need to configure routing on the firewall. I'd suggest, like Steven said, to create separate zones for better management.
My preference, however, would be to use v-wire. I think routing should be done on routers and traffic inspection on firewalls. That's just me though.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!