It was not easy for me to understand the type of zones and “from – to” policy definitions when working with a Palo Alto firewall that has multiple vsys’s and a shared gateway. I was missing an at-a-glance picture that shows which zones to use. (Though this document describes the whole process quite good.) So, here it comes…
Not much to say about the figure. The security zones are dark blue. The colored arrows show sample policy definitions, while the boxes outside describe the traffic log entries.
I hope that this figure increases the understanding of the inter-vsys setup. If not, please write a comment.
Or download it as a PDF:
Links
- Palo Alto: How to setup Shared Gateway and Inter VSYS Setup in PAN-OS 4.0
- Palo Alto: VSYS Shared Gateways