Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-12-2024 05:33 PM
Hello everyone,
I am newbie to PAN Firewall. Sorry that I haven't got much experience on Firewalls.
Currently we are in the middle of the migration as from the Cisco ASA with Firepower into PAN 1400 series. Have done some NATs and Security Policies migrations.
The existing Cisco environment is with two Contexts and some experts assisted us to create two Virtual Routers (VR01 and VR02) to try to cover the setup in Cisco.
VR01 is closer to our internal, and VR02 is more internet facing.
We also defined a few zones like, internal, priv_dmz, pub_dmz, inet_zone
Since we have VRs, priv_dmz has one interface in VR01 and one in VR02, pub_dmz also has one interface in VR01 and one in VR02.
I apparently not familiar with the Virtual Routers. So here I got questions about that.
1. when we are in Cisco, our PAT address was whitelisted by most of the vendors. but during the setup by the experts, they setup the PAT address into pub_dmz-VR02 IP 16.16.16.254, but the IP 16.16.16.252 is the PAT we used in Cisco. Can I change it to use priv_dmz-VR01? Not sure it has any effect on any other things.
2. we are still using this Cisco VPN and will also migrate to GlobalProtect too. Currently this VPN gateway is mapped to IP 16.16.16.252. So if we keep the Num1 item above, would that affect the GP.
Thanks in advance
Timothy
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
