Looking at setting up a Gold in our data center behind an existing Palo Alto firewall so we can do site-to-site with a few of our small locations set up with Purples. Wondering what might be the best approach to this.
I can figure out all the protocols and ports needed to allow traffic through the Palo Alto to the Gold. Just trying to conceptualize the Gold's config.
Can I set up one of my public IP addresses to NAT to an internal LAN IP that I set on the Gold's LAN port and use it sort of like a router-on-a-stick? VPN tunnels would terminate into the Gold, and I would add routes for subnets behind the Purples into my L3 switch to go to the Gold.
Or does the Gold need to have both the WAN and LAN ports configured in order to do any routing? If so, I could do a small subnet between the Palo Alto and the Gold so the WAN has some sort of IP address.
Last resort would be to put a switch after the ISP device and then go to both the Palo Alto and the Gold. Gold would get configured with an unused public IP on the WAN side. Was trying to avoid a switch though.