I suspect the answer to this is in the Advanced Routing in PanOS 10.
We have configured a new system as Active-Active and BGP. The firewalls are in different DCs, the DMZ side of the firewall can talk to routers in both DCs but only its local router on the WAN side. If one DC goes down, the other firewall with a less favourable route from said DC would route for the named subnets. The requirement is to advertise the AS Number from the system on the DMZ to the WAN network so that the WAN router has both firewall and DMZ AS-Numbers for the return path and vice versa in the DMZ - this is so path selection can be performed within the DMZ BGP and WAN environment rather than on the firewall. Currently, the Palo Alto substitutes the AS-Number with its own AS so to make a path less favourable we need to perform AS-Prepending on certain paths.
Is there a way to achieve this on PanOS 9.1.14-h4 or is this an Advanced Routing requirement.
I understand how to prepend the AS. What I was questioning was can the received AS seen in the Local RIB be included in the export and not replaced as we are seeing. So the connecting router path check would see the AS Number of the device behind the firewall rather than just the firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!