Implementing SSL Orchestrator - L2 Service Configuration (Palo Alto)

Introduction This article is part of a series on implementing BIG-IP SSL Orchestrator. It includes high availability and central management with BIG-IQ. Implementing SSL/TLS Decryption is not a tr...
Published Jan 10, 2020
Version 1.0
BIG-IP
layer 2
ngfw
orchestrator
security
series-big-ip-ssl-orchestrator
service chain
ssl
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Jan 28, 2020

Hi Kevin,

 

Just one simple question - but quite important when designing solution. Is that necessary to use separate physical interfaces for traffic going into L2 service and coming back form this service? Not possible to define VLANs (tagged) on the same interface? Or it's not really limitation on BIG-IP side but rather on Palo side - so it is not able to bridge between two different VLANs on the single physical interface?

In other words if external L2 service will support bridging between two VLANs on one interface one interface and two tagged VLANs on BIG-IP will work?

Piotr