Networking Considerations for a Shared Gateway
Keep the following in mind while you are configuring a shared gateway.
- The virtual systems in a shared gateway scenario access the Internet through the shared gateway’s physical interface, using a single IP address. If the IP addresses of the virtual systems are not globally routable, configure source NAT to translate those addresses to globally-routable IP addresses.
- A virtual router routes the traffic for all of the virtual systems through the shared gateway.
- The default route for the virtual systems should point to the shared gateway.
- Security policies must be configured for each virtual system to allow the traffic between the internal zone and external zone, which is visible to the shared gateway.
- A firewall administrator should control the virtual router, so that no member of a virtual system can affect the traffic of other virtual systems.
- Within a Palo Alto Networks firewall, a packet may hop from one virtual system to another virtual system or to a shared gateway. A packet may not traverse more than two virtual systems or shared gateways. For example, a packet cannot go from vsys1 to vsys2 to vsys3, or similarly from vsys1 to vsys2 to shared gateway1. Both examples involve more than two virtual systems or shared gateways, which is not permitted.
To save configuration time and effort, consider the following advantages of a shared gateway:
- Rather than configure NAT for multiple virtual systems associated with a shared gateway, you can configure NAT for the shared gateway.
- Rather than configure policy-based routing (PBR) for multiple virtual systems associated with a shared gateway, you can configure PBR for the shared gateway.
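The considerations above can be checked against a design before it is committed to the firewall. The following is an added example, not Palo Alto Networks code: it audits a constructed inventory whose key names are hypothetical (not PAN-OS syntax) for missing source NAT, a wrong default route, a missing internal-to-external policy, over-long packet paths, and virtual router ownership.

```python
import ipaddress

MAX_SYSTEMS = 2  # a packet may not traverse more than two vsys / shared gateways

def audit_vsys(vsys, gw):
    """Findings for one virtual system behind shared gateway `gw`."""
    out, name = [], vsys["name"]
    # Source NAT can be set per vsys or once on the shared gateway.
    nat = vsys["source_nat"] or gw["source_nat"]
    for net in vsys["internal_networks"]:
        addr = ipaddress.ip_network(net).network_address
        if not addr.is_global and not nat:
            out.append(f"{name}: {net} not globally routable, no source NAT")
    if vsys["default_route"] != gw["name"]:
        out.append(f"{name}: default route does not point to {gw['name']}")
    if not vsys["internal_to_external_policy"]:
        out.append(f"{name}: no policy between internal and external zone")
    return out

def audit_path(path):
    """Findings for one intended packet path (ordered list of system names)."""
    if len(path) > MAX_SYSTEMS:
        return [f"{' -> '.join(path)}: traverses {len(path)} systems"]
    return []

def audit(inv):
    gw = inv["shared_gateway"]
    out = [f for v in inv["virtual_systems"] for f in audit_vsys(v, gw)]
    out += [f for p in inv["paths"] for f in audit_path(p)]
    if inv["virtual_router_owner"] != "firewall-admin":
        out.append("virtual router is controlled by a vsys member")
    return out

# Constructed inventory; every key name here is hypothetical, not PAN-OS syntax.
SAMPLE = {
    "shared_gateway": {"name": "sg1", "source_nat": False},
    "virtual_router_owner": "firewall-admin",
    "virtual_systems": [
        {"name": "vsys1", "internal_networks": ["10.1.0.0/16"], "source_nat": True,
         "default_route": "sg1", "internal_to_external_policy": True},
        {"name": "vsys2", "internal_networks": ["192.168.20.0/24"], "source_nat": False,
         "default_route": "vsys1", "internal_to_external_policy": True},
    ],
    "paths": [["vsys1", "sg1"], ["vsys1", "vsys2", "sg1"]],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Setting `source_nat` to true on the shared gateway clears the NAT finding for every virtual system at once, which is the configuration saving described in the list above.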