Palo Alto: Vsys & Shared Gateway – Zones, Policies, and Logs

It was not easy for me to understand the type of zones and “from – to” policy definitions when working with a Palo Alto firewall that has multiple vsys’s and a shared gateway. I was missing an at-a-glance picture that shows which zones to use. (Though this document describes the whole process quite good.) So, here it comes…

Not much to say about the figure. The security zones are dark blue. The colored arrows show sample policy definitions, while the boxes outside describe the traffic log entries.

I hope that this figure increases the understanding of the inter-vsys setup. If not, please write a comment.

Palo Alto Vsys Shared Gateway - Zones Policies Logs

Or download it as a PDF:


Leave a Reply

Your email address will not be published. Required fields are marked *