Without the ability to reuse the same IP address across multiple interfaces, it can be difficult to manage large environments where the firewall resources are shared or segmented. Beginning with PAN-OS 11.1.4, duplicate (overlapping) IP address support allows you to use the same IPv4 or IPv6 address on multiple firewall interfaces when the interfaces belong to different logical routers. The interfaces can belong to different security zones on a single virtual system, or belong to the same zone on different virtual systems, or belong to different zones and different virtual systems.

PA-1400 Series firewalls, VM-Series firewalls, and Panorama template stacks support overlapping addresses.

Overlapping IP address support requires the Advanced Routing Engine. When you enable Advanced Routing, the option to enable Duplicate IP Address Support becomes available for you to select. The overlapping addresses can be statically configured or dynamically assigned to interfaces. All Layer 3 interfaces types (Ethernet, VLAN, tunnel, loopback, Aggregate Ethernet [AE], and AE subinterfaces) support overlapping IP addresses.