I have a Wireless Access Point with multiple SSID's configured connected to a PA-200 on the interface ethernet2 (vlan).
The PA config is setup as per https://live.paloaltonetworks.com/t5/Configuration-Articles/Setting-Up-the-PA-200-for-Home-and-Small...
I would like to apply a security policy between each SSID. How would I approach this? Do I need to setup sub vlans or tag the vlans?
Hi there...Assuming each SSID has its own IP subnet, you can try to assign multiple IPs to the VLAN interface (192.168.1.254/24, 192.168.2.254/24, etc). Then write the security rules to inspect traffic within the same Trust-L3 zone:
Trust-L3 --> Trust-L3 src=192.168.1.254/24 dst=192.168.2.254/2 action=allow/deny
Alternatively, Eth2 can be configured as a layer3 interface with multiple IPs (192.168.1.254/24, 192.168.2.254/24, etc) and define policies as above. Thanks.
Thanks for the response. Much appreciated.
So just to confirm, there is no need to setup vlan sub interfaces?
I will give what you suggested a go...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!