OPTION
A VIRTUAL WIRE DEPLOYMENT
The default configuration of the PA-200 device is a virtual wire between ports 1 and
2, which enforces security policies. No configuration is required for this basic setting.
Proceed to “Performing the Final Setup.”
OPTION
B LAYER 2 DEPLOYMENT
CONFIGURING THE INTERFACES
Click
Network > Interfaces
.
Click
ethernet1/1
, choose
Layer2
from the drop-down menu, and then click
OK
.
Click
ethernet1/2
, choose
Layer2
from the drop-down menu, and then click
OK
.
CONFIGURING THE SECURITY ZONES
Click
Network > Zones
and then click
trust
. Choose
Layer2
from the
Type
drop-down box.
Check the check box for
ethernet1/2
and then click
OK
.
Click
untrust
. Choose
Layer2
from the
Type
drop-down box.
Check the check box for
ethernet1/1
and then click
OK
.
CONFIGURING THE VLANS
Click
Network > VLANs
and then click
New
. Type the name of the VLAN in the
Dot1q
VLAN Name
field.
Check the check boxes for the
ethernet1/1
and
ethernet1/2
in the
Interfaces
list, and
then click
OK
.
Click
Commit
and then proceed to “Performing the Final Setup.”
OPTION
C LAYER 3 DEPLOYMENT
CONFIGURING THE INTERFACES
Obtain two IP addresses for ports 1 and 2 on the PA-200 device from your network
administrator.
Click
Network > Interfaces
.
Click
ethernet1/1
and choose
L3
from the drop-down menu.
Enter the IP address and subnet mask (for example, 10.1.1.1/24) for port 1 in the
IP
Address
and
Subnet Mask
field.
Click
Add
and then click
OK
.
Click
ethernet1/2
and choose
L3
from the drop-down menu.
Type the IP address and subnet mask (for example, 10.1.2.1/24) for port 2 in the
IP Address
and
Subnet Mask
field.
Click
Add
and then click
OK
.
CONFIGURING THE SECURITY ZONES
Click
Network > Zones
and then click
trust
.
Choose
Layer3
from the
Type
drop-down box.
Check the check box for
ethernet1/2
and then click
OK
.
Click
untrust
.
Choose
Layer3
from the
Type
drop-down box.
Check the check box for
ethernet1/1
and then click
OK
.
CONFIGURING THE VIRTUAL ROUTERS
Click
Network > Virtual Routers
and then click
New
.
Type the name of the virtual router in the
Virtual Router
field.
Check the check boxes for the
ethernet1/1
and
ethernet1/2
in the
Interfaces
list.
Enter network definition in the
IP Address/Mask
field and the gateway IP in the
Next Hop
IP field to configure the static route, and click
Add
.
Add more static routes as necessary, and click
OK
when finished.
Click
Commit
and then proceed to the next section.
Choosing a Deployment Option
•
OPTION A: Virtual Wire deployment
—Choose this option to transparently place the
PA-200 device between two ports where no routing, switching, or NAT is required.
•
OPTION B: Layer 2 deployment
— Choose this option to deploy the PA-200 device in
a Layer 2 environment where switching is required.
•
OPTION C: Layer 3 deployment
— Choose this option to deploy the PA-200 device in
a Layer 3 environment where routing and NAT are required.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
1
2
3
4
5
6
7
8
9
10
20
