Making a VM300 GP Gateway Available to the Internet

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Making a VM300 GP Gateway Available to the Internet

L3 Networker

I know have a VM300 NGFW installed and registered in my private vCenter environment. The reason for the VM300 is to provide more Global Protect users a means to connect to the network than the 1024 connections afforded by the 3220 PAN at the edge. My question has to do with addressing and zoning of the interfaces on the VM300 and NATting to the Internet. 

 

1) Can I add a 1:1 NAT on the 3220 that would map to the "OUTSIDE" of the VM300 (which is inside the PAN 3220)? So say currently the outside address of the 3220 is 1.1.1.100 and that serves as the address for the existing portal and gateway too. We'll say the inside of the PAN 3220 is at 10.10.10.100. If we made the "Outside" of the of the VM300 to be at say 10.10.10.200, could we create a NAT on the 3220 such that 1.1.1.200 NATted to 10.10.10.200 and have this work for the purposes of a GP gateway?

 

2) Would it be preferable for the VM300 to have it's OUTSIDE interface on a DMZ VLAN off of the 3220 and then have its inside interface be placed on the internal network? So in this scenario the VM300 OUTSIDE interface has IP 10.10.20.200 and that NATs to 1.1.1.200 on the 3220 OUTSIDE. 

To summarize: Can one hardware PAN serve as the NAT and routing conduit to and internal VM PAN that will act as a secondary GP gateway to the former? And what would be the preferred layout of the interfaces of the VM PAN in such a scenario? 

Thank you.

0 REPLIES 0
  • 1303 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!