Configure a Shared Gateway
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Configure a Shared Gateway
Perform this task if you need multiple virtual
systems to share an interface (a Shared
Gateway) to the Internet. This task presumes:
- You configured an interface with a globally-routable IP address, which will be the shared gateway.
- You completed the prior task, Configure Virtual Systems. For the interface, you chose the external-facing interface with the globally-routable IP address.
- When configuring the virtual systems, in the Visible Virtual System field, you checked the boxes of all virtual systems that must communicate to be visible to each other.
- Configure a Shared Gateway.
- Select DeviceShared Gateway, click Add and enter an ID.Enter a helpful Name, preferably including the ID of the gateway.In the DNS Proxy field, select a DNS proxy object if you want to apply DNS proxy rules to the interface.Add an Interface that connects to the outside world.Click OK.Configure the zone for the shared gateway.When adding objects such as zones or interfaces to a shared gateway, the shared gateway itself will be listed as an available vsys in the VSYS menu.
- Select NetworkZones and Add a new zone by Name.For Location, select the shared gateway for which you are creating a zone.For Type, select Layer3.(Optional) Select a Zone Protection Profile (or configure one later) that provides flood, reconnaissance, or packet-based attack protection.(Optional) In Log Setting, select a log forwarding profile for forwarding zone protection logs to an external system.(Optional) Select Enable User Identification to enable User-ID for the shared gateway.Click OK.Commit your changes.Click Commit.