We currently have our Main PA configured in a VWIRE deployment with a TRUST and UNTRUST Zone. We have many different VLANs on our network and the default route for all internet bound traffic passes through the VWIRE. We want to configure multiple VSYS on the PA for our different divisions. Example VSYS1 - Enterprise, VSYS2 - Retail, VSYS3 - Public, etc. with a Shared Gateway. Is it possible to configure the PA so that the VWIRE stays in place and as traffic passes through direct that traffic to the other VSYS based on VLAN id in order to apply security policies and then that VSYS would send the traffic to the Shared Gateway out to the internet? In other words if Packet A has VLAN 10 stay with VSYS1 and apply security policy if Packet B has VLAN 20 send to VSYS2 and apply VSYS2 security policy then send Packet A and Packet B to the shared gateway.
... View more