08-08-2013 11:23 AM
I am afraid if this will work.
The loopback IP address on the PANFW has to be a /32 IP address, and cannot have a /24 subnet. With that being said, even if the server 203.0.113.5/24 connects on an access port on the switch, and if the segment "VLAN 2000- Internet" is a trunk port carrying VLAN-tagged traffic for VLAN 2000, you should have a layer 2 port on the firewall configured as an access port for VLAN 2000, from where the server can reach any of the hosts behind this port and that lie in the /24 range.
I would rather move the server behind the firewall, reachable on the VLAN 2000 access port, and configure a VLAN interface for VLAN 2000 (203.0.113.1/24), to serve as the gateway for the hosts on VLAN 2000. I can then advertise the whole /24 address.
An advantage of this setup is that you can protect your server against any form of attack by using a zone protection profile on the firewall. Otherwise the server is left exposed and can be subjected to attacks from the internet (that the switch may not block).
BR,
Karthik RP