Would like to hear whether anyone has converted Check Point VSX virtual switch to like Palo Alto capability
Currently in the process of planning migration from Check Point VSX to Palo Alto VSYS. Check Point VSX has a virtual switch capability similar to VMware where multiple virtual systems can "share" a physical connection (port) to a network segment (VLAN). Each virtual firewall has a logical connection that has a unique IP address/subnet mask/gateway configured and accesses the LAN via the virtual switch Layer 2 connected to a physical port.
At the moment, I'm exploring the shared gateway feature (PANOS 5.013) and I'm not getting that warm fuzzy feeling yet :smileyconfused:.
Shared Gateway is what you are looking for. Here is a logical diagram from the document:
As you can see 2 internal interface can be in different Vsys but can share same shared external GW.
Here are other documents that might be helpful :
Hope this helps. Thank you
ssharma and sshah, as I currently understand it the Shared Gateway is not a like solution to the virtual switch. The concern I have is that a Shared Gateway does not act as a shared Layer 2 connection to a network segment, it's role is a layer 3 routed hop for the vsys attached to it. To accomplish the design goal a new network segment is required to connect each vsys to the Shared gateway in order to route through to the desired LAN segment. To clarify this latter statement, a virtual switch would eliminate the need for the layer three hop through the SG as each desired vsys interface is L2 connected (access/host interface) to the desired LAN segment; through a shared physical interface.
Is my assessment incorrect?
I didnt find L2 implementation of shared gateway. Neither I found any existing Feature Request.
Kindly contact your SE, so he might be able to open new Feature Request for the same.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!