This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Virtual Switch in PANOS

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Virtual Switch in PANOS

coldstone1
L1 Bithead

‎10-01-2014 02:53 PM

Hello,

Would like to hear whether anyone has converted Check Point VSX virtual switch to like Palo Alto capability

Currently in the process of planning migration from Check Point VSX to Palo Alto VSYS.  Check Point VSX has a virtual switch capability similar to VMware where multiple virtual systems can "share" a physical connection (port) to a network segment (VLAN).  Each virtual firewall has a logical connection that has a unique IP address/subnet mask/gateway configured and accesses the LAN via the virtual switch Layer 2 connected to a physical port.

At the moment, I'm exploring the shared gateway feature (PANOS 5.013) and I'm not getting that warm fuzzy feeling yet :smileyconfused:.

Kind Regards,

Todd

2 people had this problem.
Labels:
0 Likes Likes
4 REPLIES 4

ssharma
L5 Sessionator

‎10-01-2014 02:59 PM

Hi Todd,

Shared Gateway is what you are looking for. Here is a logical diagram from the document:

shared_GW.JPG

As you can see 2 internal interface can be in different Vsys but can share same shared external GW.

Here are other documents that might be helpful :

How to Set Up Shared Gateway and Inter VSYS

Hope this helps. Thank you

0 Likes Likes

hshah
L6 Presenter

‎10-01-2014 03:07 PM

Hi Coldstone,

Please refer following document for shared gateway feature.

How to Set Up Shared Gateway and Inter VSYS

Let me know if you stuck in any issue.

Regards,

Hardik Shah

0 Likes Likes

coldstone1
L1 Bithead

‎10-01-2014 05:04 PM

ssharma and sshah, as I currently understand it the Shared Gateway is not a like solution to the virtual switch.  The concern I have is that a Shared Gateway does not act as a shared Layer 2 connection to a network segment, it's role is a layer 3 routed hop for the vsys attached to it.  To accomplish the design goal a new network segment is required to connect each vsys to the Shared gateway in order to route through to the desired LAN segment.    To clarify this latter statement, a virtual switch would eliminate the need for the layer three hop through the SG as each desired vsys interface is L2 connected (access/host interface) to the desired LAN segment; through a shared physical interface.

Is my assessment incorrect? 

hshah
L6 Presenter
In response to coldstone1

‎10-01-2014 05:29 PM

Hi Coldstone,

I didnt find L2 implementation of shared gateway. Neither I found any existing Feature Request.

Kindly contact your SE, so he might be able to open new Feature Request for the same.

Regards,

Hardik Shah

0 Likes Likes
  • 4352 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks