topic Re: AWS, gw loadbalancer and geneve in VM-Series in the Public Cloud

AWS, gw loadbalancer and geneve

TrondJohnsen — Mon, 24 Oct 2022 05:51:57 GMT

hi,

I have set up two palos in different az's in AWS. I have utilized the gw lodbalancers and done the bootstrapping so to get them "healty" etc. The soultion is working fine!!

But I am having a very hard time understanding how to get the panorama access working. I have panorama running on prem, and will be managing the palo's in AWS utilizing the VPN links I have to on prem. (I am not able to manage the firewalls over the internet for this customer and setup.)

Can someone explain how I am to do the routing or setup to get this done properly ? As of now I have had to enable asymetric routing - and then it works fine..

The mgmt nic in AWS is pretty much "useless" when managing the firewalls from "inside" / "not the internet" ?

Re: AWS, gw loadbalancer and geneve

DaveHillElavon — Wed, 26 Oct 2022 09:20:36 GMT

Hi Trond,

I would create management subnets for the management NIC and add static routes to Panorama via the VGW or Transit Gateway.

Re: AWS, gw loadbalancer and geneve

TrondJohnsen — Tue, 22 Nov 2022 23:54:44 GMT

hi,

Yeah, I do have subnets for this. But how will work related to routing ? I come from CheckPoint and Fortinet - so I might be way off here. But is it so that all packets I send to the mgmt nic of the Palo will return back on the same nic - regardless of any routing ? I see that I am unable to actually add in any routing specific for the mgt nic..