Palo Alto Zones, Virtual Routers and Layer 3 Interfaces

ZONES

Objective: Create three zones, inside, dmz and outside.

Select the Network tab, and click Zones.

Then at the bottom left of the window, click Add.

Name your zone, ensure its type is set to Layer3, then click OK.

Note: We do have the option to add interfaces here, but that will be done later.

Repeat this process for all three zones, inside, dmz and outside.

VIRTUAL ROUTERS

Objective: Create and configure a Virtual Router.

Still within the Network tab, select Virtual Routers from the left-hand side menu.

Then at the bottom left of the window, click Add.

Then name the Virtual Router and click OK.

Now click on Static Routes, click Add, and set up a default route for regular network (data plane) traffic.

  • Name: Default
  • Destination: 0.0.0.0/0 (represents a last resort route)
  • Interface: Ethernet1/1 (outside interface)
  • Next Hop: 192.168.0.254 (IP address of ISP router)

Once the changes have been committed, you can click on More Runtime Stats to confirm that the default route is in place.

INTERFACES

Objective: Create and position the network interfaces.

Still within the Network tab, select Interfaces, then the Ethernet tab.

Next, click on Ethernet1/1 and configure the interface:

  • Comment: Connects to the Internet
  • Interface Type: Layer3
  • Virtual Router: IMCK-Training-VR-1
  • Security Zone: outside

Then select the IPv4 tab, click Add, type in an IP address in CIDR notation, then click OK.

Repeat the process for interface Ethernet1/2:

  • Comment: Goes to internal network
  • Interface Type: Layer3
  • Virtual Router: IMCK-Training-VR-1
  • Security Zone: inside

Then select the IPv4 tab, click Add, type in an IP address in CIDR notation, then click OK.

Repeat the process for interface Ethernet1/3:

  • Comment: Goes to DMZ
  • Interface Type: Layer3
  • Virtual Router: IMCK-Training-VR-1
  • Security Zone: dmz

Then select the IPv4 tab, click Add, type in an IP address in CIDR notation, then click OK.

Now that all is configured, commit the changes.

You can use the refresh button if the link states are not showing as up (green).

A red link state indicates that the interface is configured but down (not connected to anything).
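
Before committing, it helps to check that the plan is internally consistent. The Python script below is an added example, not part of the original tutorial or any Palo Alto tool: it audits the zones, interfaces and default route described above. The zone names, virtual router name, route name and next hop come from this page; the three interface addresses are constructed samples, since the page leaves them to the reader, and the rule that the default route must exit via the outside zone is an assumption taken from this topology.

```python
import ipaddress

# Values from the tutorial; the interface addresses are constructed samples
# (the page leaves them to the reader).
ZONES = {"inside", "dmz", "outside"}
VR = "IMCK-Training-VR-1"
INTERFACES = {
    "ethernet1/1": {"zone": "outside", "vr": VR, "ip": "192.168.0.1/24"},
    "ethernet1/2": {"zone": "inside", "vr": VR, "ip": "10.0.1.1/24"},
    "ethernet1/3": {"zone": "dmz", "vr": VR, "ip": "10.0.2.1/24"},
}
ROUTES = [{"name": "Default", "vr": VR, "destination": "0.0.0.0/0",
           "interface": "ethernet1/1", "next_hop": "192.168.0.254"}]


def audit(zones, interfaces, routes):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    nets = {}
    for name, cfg in interfaces.items():
        if cfg["zone"] not in zones:
            findings.append(f"{name}: zone '{cfg['zone']}' is not defined")
        iface = ipaddress.ip_interface(cfg["ip"])
        # Overlapping connected subnets in one virtual router make routing ambiguous.
        for other, (other_vr, other_net) in nets.items():
            if other_vr == cfg["vr"] and iface.network.overlaps(other_net):
                findings.append(f"{name}: subnet overlaps {other}")
        nets[name] = (cfg["vr"], iface.network)
    for route in routes:
        egress = interfaces.get(route["interface"])
        if egress is None:
            findings.append(f"{route['name']}: unknown interface {route['interface']}")
            continue
        if egress["vr"] != route["vr"]:
            findings.append(f"{route['name']}: egress interface is in another virtual router")
        iface = ipaddress.ip_interface(egress["ip"])
        hop = ipaddress.ip_address(route["next_hop"])
        # The next hop must be a neighbour on the egress interface's subnet.
        if hop not in iface.network or hop == iface.ip:
            findings.append(f"{route['name']}: next hop {hop} is not reachable on {route['interface']}")
        # Assumption from this topology: the default route exits via the outside zone.
        if ipaddress.ip_network(route["destination"]).prefixlen == 0 and egress["zone"] != "outside":
            findings.append(f"{route['name']}: default route exits via zone '{egress['zone']}'")
    return findings


if __name__ == "__main__":
    for line in audit(ZONES, INTERFACES, ROUTES) or ["no findings"]:
        print(line)
```

Replace the sample addresses with the ones you typed into the IPv4 tab; any finding points at a zone, subnet or next-hop mismatch to fix before the commit.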

DATA PLANE DEFAULT ROUTE

Objective: Set up a default route for regular network traffic.

Within the Network tab, select Virtual Routers from the left-hand side menu.

SUMMARY

Thank you for visiting my tutorial page. For more tutorials, be sure to check IMCK Training for the latest updates.
