Palo Alto Layer 3 Interfaces deployment

Layer 3 is the classical deployment method for the PA firewall, and it is always considered the standard and most powerful deployment method because it has all of the functionality, while the other deployment methods (for example virtual wire and Layer 2) have some limitations.


In this tutorial, I will explain Layer 3 Interfaces deployment.

Firstly, we need to define the interface type, that is, decide what type each interface is. In this tutorial I will define all the interfaces as Layer 3 interfaces.


Now the traffic comes to the interfaces, but we need something in the middle to decide where the traffic is routed to, and this is done by the virtual router (VR).

The virtual router decides where to send the traffic based on the routing table.

Every interface always has to be allocated to a VR, and to only one. It is called a virtual router because we can actually have multiple routers.


Security policy is also an important element for traffic to pass through the firewall; it is needed in order to allow or deny traffic from one zone to another. Therefore, every interface has to be allocated to a security zone (for example the Internal, DMZ and Internet zones).
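
The two allocation rules above (each Layer 3 interface sits in exactly one virtual router and in a security zone) can be checked offline against an exported configuration. The following is an added example, not part of the original tutorial; the sample configuration is constructed, and the XML paths assume the layout of a PAN-OS XML config export.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, modelled on the layout of an exported PAN-OS XML config
# (assumption: network/interface, network/virtual-router and vsys/zone paths).
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain">
  <network>
    <interface><ethernet>
      <entry name="ethernet1/1"><layer3><ip><entry name="203.0.113.2/24"/></ip></layer3></entry>
      <entry name="ethernet1/2"><layer3><ip><entry name="10.0.0.1/24"/></ip></layer3></entry>
      <entry name="ethernet1/3"><layer3><ip><entry name="172.16.0.1/24"/></ip></layer3></entry>
      <entry name="ethernet1/4"><virtual-wire/></entry>
    </ethernet></interface>
    <virtual-router><entry name="default"><interface>
      <member>ethernet1/1</member><member>ethernet1/2</member>
    </interface></entry></virtual-router>
  </network>
  <vsys><entry name="vsys1"><zone>
    <entry name="Internet"><network><layer3><member>ethernet1/1</member></layer3></network></entry>
    <entry name="DMZ"><network><layer3><member>ethernet1/3</member></layer3></network></entry>
  </zone></entry></vsys>
</entry></devices></config>
"""

def audit_l3_interfaces(xml_text):
    """Return {interface: [problems]} for Layer 3 interfaces not in exactly one VR and one zone."""
    root = ET.fromstring(xml_text)
    # Only interfaces whose type is Layer 3 are in scope (virtual wire etc. are skipped).
    l3 = [e.get("name") for e in root.iterfind(".//network/interface/ethernet/entry")
          if e.find("layer3") is not None]
    vrs, zones = defaultdict(list), defaultdict(list)
    for vr in root.iterfind(".//network/virtual-router/entry"):
        for m in vr.iterfind("interface/member"):
            vrs[m.text].append(vr.get("name"))
    for zone in root.iterfind(".//vsys/entry/zone/entry"):
        for m in zone.iterfind("network/layer3/member"):
            zones[m.text].append(zone.get("name"))
    findings = {}
    for name in l3:
        # An interface is flagged when it has zero or several VRs, or zero or several zones.
        problems = [f"{kind}: {got[name] or 'none'}"
                    for kind, got in (("virtual routers", vrs), ("zones", zones))
                    if len(got[name]) != 1]
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for iface, problems in audit_l3_interfaces(SAMPLE_CONFIG).items():
        print(iface, "->", "; ".join(problems))
```

In the sample, ethernet1/2 is flagged because it has no zone and ethernet1/3 because it has no virtual router; ethernet1/4 is ignored because it is not a Layer 3 interface.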
