08-02-2013 09:39 AM
Hi,
At a recent PA training, the instructor mentioned a testing method for testing the configuration of VWire objects and the traffic flow, as configured in your Security Policy. The goal of this method is the ability to do testing in a lab environment vs. testing your traffic flow after you've put the device into production.
With your device in a lab environment and the VWire objects and interfaces configured, you connect Ethernet to two ports you're testing. To that you connect two switches and one laptop to either switch (two laptops total). You then set each laptop's gateway to the other laptop and see if you can connect.
By reaching the laptop over the other port, you're able to determine that your security policy between those two zones is configured as needed. And you repeat this for your other ports/zones to test inter-zone traffic.
Is anyone able to confirm this method or offer a suggestion on testing VWires object / zone / Security Policy configurations prior to deploying the PA into production? Thanks
08-02-2013 10:25 AM
That's an easy test to begin with. But you will only be able to test minimal traffic between the 2 laptops. The real load test would be when you pass pre-production traffic, with the PANFW, inline with the network (before you replace your existing firewall with the PANFW), without disturbing your existing layer 3 setup.
------------ internal network---------- inside vwire inter-------------PANW----------outside vwire interface -------------router/firewall---------internet cloud
The PANFW will act as an IPS, process the traffic, matching for the applications and looking for threats.
BR,
karthik
08-02-2013 10:32 AM
Right, it's a very basic initial test with the goal being sure that your Security Policy allows all your inter-zone traffic. I'm hoping to get details from others that have tested VWire configurations in a lab environment, without having to generate traffic from different networks to test the Source<->Destination allows in the Security Policy.