

Now that your new Palo Alto Networks firewall is up and running, let's look at adding VLAN tags to the mix by creating Layer 3 subinterfaces. Our initial installments in the Get Started series described the first steps after unpacking your firewall and getting it updated and configured in VWire or Layer 3 mode. Check out "I've unpacked my firewall, now what?" and "I've unpacked my firewall and did what you told me, now what?"

There may be several network segments in your organization to segregate user workstations from public web servers. A good way to prevent these networks from communicating with each other is by implementing VLANs on the core switch, preventing hosts located in one VLAN from communicating with hosts in another, without some form of bridge or gateway to connect both virtual networks.

The first configuration we'll look at builds on where we left off in the previous getting started guide. The firewall has Layer 3 interfaces and we're now going to change the trust interface so it can communicate with a trunked switch interface. The difference between a regular, or access, switchport configuration and a trunked switchport is that the access port will not tamper with the Ethernet header of any packets, whereas a trunk port will attach a VLAN tag in the form of an IEEE 802.1Q header to packets. This ensures that packets retain VLAN information outside the switch and should be treated as different LAN networks by the next host receiving these packets.

We'll be switching our configuration from a regular interface to tagged subinterfaces. The first step is to remove the IP configuration from the physical interface.

We can now go ahead and add a subinterface.

In the subinterface configuration, we need to assign an interface number and a tag. The tag needs to match the VLAN exactly, but the interface number may be different. For ease of management, it's best to set the interface number to the same ID as the VLAN tag. Add the interface to the 'default' Virtual Router and assign it to the 'trust' Security Zone. Next, navigate to the IPv4 tab and add the IP to the interface. Then navigate to the Advanced tab and set the Management Profile to 'ping.'
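The 802.1Q tagging and the tag-matching rule described in this guide can be seen at the frame level in the following added example, which is not part of the original guide and is not Palo Alto Networks code. It is a simplified model: the interface names (`ethernet1/2`, `ethernet1/2.10`, `ethernet1/2.7`), the VLAN IDs and the sample frames are constructed assumptions, and untagged frames are assumed to belong to the parent interface.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def parse_vlan(frame: bytes):
    """Return (vlan_id, ethertype); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype      # access-port style frame, header untouched
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner      # low 12 bits of the TCI carry the VLAN ID

def select_interface(frame: bytes, parent: str, subinterfaces: dict):
    """Pick the logical interface for a frame arriving on `parent`.

    `subinterfaces` maps subinterface name -> configured tag. Matching is on
    the tag only; the number after the dot is just a label. Returns None when
    a tagged frame matches no configured subinterface.
    """
    vlan_id, _ = parse_vlan(frame)
    if vlan_id is None:
        return parent               # assumption of this model, see lead-in
    for name, tag in subinterfaces.items():
        if tag == vlan_id:
            return name
    return None

def build_frame(vlan_id=None, payload=b"\x00" * 46):
    """Build a constructed IPv4-carrying Ethernet frame, tagged if vlan_id is set."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")   # constructed, locally administered MAC
    tag = b""
    if vlan_id is not None:
        tag = struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

# Constructed configuration: .10 follows the "same ID as the tag" advice,
# .7 carries tag 20 to show that the interface number may differ from the tag.
SUBIFS = {"ethernet1/2.10": 10, "ethernet1/2.7": 20}

if __name__ == "__main__":
    for vid in (None, 10, 20, 30):
        print(vid, "->", select_interface(build_frame(vid), "ethernet1/2", SUBIFS))
```

A `None` result for VLAN 30 is the case to watch for when a trunk carries a VLAN that has no subinterface with a matching tag.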
