How to Configure PBF in Multi Vsys Configuration

How to Configure PBF in Multi Vsys Configuration

25608
Created On 09/25/18 17:51 PM - Last Modified 06/08/23 02:49 AM


Resolution


Overview

This document describes how to configure PBF in a multi vsys setup on the Palo Alto Networks device.

 

Steps

Example network scenario (Palo Alto Networks device represented by "PA"):

Client ---- PA (vsys_lan) ---- PA (vsys_internet) ---- Internet

 

  1. Create 2 virtual systems and make sure they are visible to each other
    Screen Shot 2013-09-09 at 15.36.06.png
  2. Each vsys has it's own VR
    Screen Shot 2013-09-09 at 15.37.56.png
  3. Create at least 1 Layer3 zone and 1 external zone for each vsys
    Screen Shot 2013-09-09 at 15.40.05.png
  4. Step4: We need to create 2 PBF rules. (1 for each vsys)
    • vsys-lan:
      Screen Shot 2013-09-09 at 15.42.28.png
    • vsys-internet:
      Screen Shot 2013-09-09 at 15.43.26.png
      The first PBF rule will route the traffic from the LAN vsys to the Internet vsys, the second PBF rule will forward the traffic to it's default gateway. If you don't configure the second PBF rule, your traffic will get dropped on the Palo Alto Networks device.
  5. Make sure you create security policies on both vsys's that allow the traffic.

 

owner: rvanderveken
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKsCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language