Virtual Switch in PANOS


L1 Bithead

Hello,

Would like to hear whether anyone has converted a Check Point VSX virtual switch to a like Palo Alto capability.

Currently in the process of planning migration from Check Point VSX to Palo Alto VSYS.  Check Point VSX has a virtual switch capability similar to VMware where multiple virtual systems can "share" a physical connection (port) to a network segment (VLAN).  Each virtual firewall has a logical connection that has a unique IP address/subnet mask/gateway configured and accesses the LAN via the virtual switch Layer 2 connected to a physical port.

At the moment, I'm exploring the shared gateway feature (PANOS 5.013) and I'm not getting that warm fuzzy feeling yet.

Kind Regards,

Todd

4 REPLIES

L5 Sessionator

Hi Todd,

Shared Gateway is what you are looking for. Here is a logical diagram from the document:

[Diagram: shared_GW.JPG]

As you can see, 2 internal interfaces can be in different Vsys but can share the same shared external GW.

Here are other documents that might be helpful:

How to Set Up Shared Gateway and Inter VSYS

Hope this helps. Thank you

L6 Presenter

Hi Coldstone,

Please refer to the following document for the shared gateway feature.

How to Set Up Shared Gateway and Inter VSYS

Let me know if you get stuck on any issue.

Regards,

Hardik Shah

L1 Bithead

ssharma and sshah, as I currently understand it the Shared Gateway is not a like solution to the virtual switch. The concern I have is that a Shared Gateway does not act as a shared Layer 2 connection to a network segment; its role is a layer 3 routed hop for the vsys attached to it. To accomplish the design goal a new network segment is required to connect each vsys to the Shared Gateway in order to route through to the desired LAN segment. To clarify this latter statement, a virtual switch would eliminate the need for the layer three hop through the SG as each desired vsys interface is L2 connected (access/host interface) to the desired LAN segment, through a shared physical interface.

Is my assessment incorrect? 

Hi Coldstone,

I didn't find an L2 implementation of shared gateway, nor did I find any existing Feature Request.

Kindly contact your SE, so he might be able to open a new Feature Request for the same.

Regards,

Hardik Shah
