topic Paloalto GWLB cluster IPsec tunnels with on-prem in VM-Series in the Public Cloud https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/paloalto-gwlb-cluster-ipsec-tunnels-with-on-prem/m-p/574866#M2094 <P>Dear Team,</P> <P>&nbsp;</P> <P>I want to deploy Paloalto 2 - VM-300 with integration of GWLB on AWS. both will be active and passing the traffic.</P> <P>&nbsp;</P> <P>However i have referred Paloalto documents with two-arm mode and one-arm mode.</P> <P>&nbsp;</P> <P>I will be having an IPsec connectivity with (on-prem DC) in this case, how this will work ?&nbsp;</P> <P>&nbsp;</P> <P>on prem user &gt;&gt;&gt; IPsec &gt;&gt;&gt;&nbsp; AWS PA (Network VPC) &gt;&gt;&gt; server in (Prod VPC)</P> <P>&nbsp;</P> <P>Please let me know the detail flow and how to achieve this. any documents or article which describe this type of flow?</P> <P>&nbsp;</P> <P>regards,</P> <P>&nbsp;</P> Tue, 30 Jan 2024 05:44:07 GMT Doyenadmin 2024-01-30T05:44:07Z Paloalto GWLB cluster IPsec tunnels with on-prem https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/paloalto-gwlb-cluster-ipsec-tunnels-with-on-prem/m-p/574866#M2094 <P>Dear Team,</P> <P>&nbsp;</P> <P>I want to deploy Paloalto 2 - VM-300 with integration of GWLB on AWS. both will be active and passing the traffic.</P> <P>&nbsp;</P> <P>However i have referred Paloalto documents with two-arm mode and one-arm mode.</P> <P>&nbsp;</P> <P>I will be having an IPsec connectivity with (on-prem DC) in this case, how this will work ?&nbsp;</P> <P>&nbsp;</P> <P>on prem user &gt;&gt;&gt; IPsec &gt;&gt;&gt;&nbsp; AWS PA (Network VPC) &gt;&gt;&gt; server in (Prod VPC)</P> <P>&nbsp;</P> <P>Please let me know the detail flow and how to achieve this. any documents or article which describe this type of flow?</P> <P>&nbsp;</P> <P>regards,</P> <P>&nbsp;</P> Tue, 30 Jan 2024 05:44:07 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/paloalto-gwlb-cluster-ipsec-tunnels-with-on-prem/m-p/574866#M2094 Doyenadmin 2024-01-30T05:44:07Z Re: Paloalto GWLB cluster IPsec tunnels with on-prem https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/paloalto-gwlb-cluster-ipsec-tunnels-with-on-prem/m-p/575022#M2096 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/227096">@Doyenadmin</a>&nbsp;</P> <P>&nbsp;</P> <P>The reference architecture design and deployment guides at&nbsp;<A href="https://www.paloaltonetworks.com/resources/reference-architectures/aws" target="_blank">AWS - Palo Alto Networks</A>&nbsp;have all the answers you need - I recommend reading the design guide first to get an understanding of how the AWS components integrate, and what options are available to suit your needs. They also contain detailed flow diagrams, features and concepts specific to AWS deployments and links to automation libraries to help expedite your build or run a PoC.</P> <P>&nbsp;</P> <P>As a general rule, use AWS services to terminate IPsec (Virtual Private Gateway, Transit Gateway VPN attachment) and only use the firewalls if required by design e.g. part of your multi-cloud or SDWAN deployment.</P> Wed, 31 Jan 2024 03:18:14 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/paloalto-gwlb-cluster-ipsec-tunnels-with-on-prem/m-p/575022#M2096 mb_equate 2024-01-31T03:18:14Z