Configure Inter-Virtual System Communication within the Firewall
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Configure Inter-Virtual System Communication within the Firewall
Perform this task if you have a use case,
perhaps within a single enterprise, where you want the virtual systems
to be able to communicate with each other within the firewall. Such
a scenario is described in Inter-VSYS
Traffic That Remains Within the Firewall. This task presumes:
- You completed the task, Configure Virtual Systems.
- When configuring the virtual systems, in the Visible Virtual System field, you checked the boxes of all virtual systems that must communicate with each other to be visible to each other.
- Configure an external zone for each virtual system.
- Select NetworkZones and Add a new zone by Name.For Location, select the virtual system for which you are creating an external zone.For Type, select External.For Virtual Systems, click Add and enter the virtual system that the external zone can reach.(Optional) Select a Zone Protection Profile (or configure one later) that provides flood, reconnaissance, or packet-based attack protection.(Optional) In Log Setting, select a log forwarding profile for forwarding zone protection logs to an external system.(Optional) Select Enable User Identification to enable User-ID for the external zone.Click OK.Configure the Security policy rules to allow or deny traffic from the internal zones to the external zone of the virtual system, and vice versa.Commit your changes.Click Commit.