- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-02-2022 05:27 AM
Hello Family,
I have a pair of PA220 in Active/Standby mode, I know datasheet of PA220 is as below:
Firewall throughput (HTTP/appmix)* 545/535 Mbps
Threat Prevention throughput (HTTP/appmix)† 265/320 Mbps
IPsec VPN throughput‡ 550 Mbps
Max sessions 64,000
New sessions per second§ 4,200
I already have a 250Mbps service provider internet link, and would like to add another due to office getting bigger, but would prefer I utilize the complete 500Mbps I'd have fully without getting the SDWAN license, and the PANs and links should also act as failover for each other incase one goes down.
I want to terminate one ISP on say PAN1 and the other on PAN2 and have them in a HA situation that they are both active. Also, I'd be doing IPSec to my workload in AWS, I'm guessing I'd create a tunnel from both PANs to AWS and probably utilize ECMP.
From my GP perspective, how do I also make sure public IPs from both ISPs are referenced to give me better availability.
Has anyone done this use case and have any pointers or blogged about it?
Thanks.
08-02-2022 07:07 PM
Why aren't you just using ECMP? That would be the more traditional approach to this and you aren't really losing anything. If you did this as you described you'd still only load balance on a session basis, which is already what ECMP does. Sounds like you're trying to over engineer a solution here when you don't need to outside of having some other considerations that you don't have listed here.
08-02-2022 07:07 PM
Why aren't you just using ECMP? That would be the more traditional approach to this and you aren't really losing anything. If you did this as you described you'd still only load balance on a session basis, which is already what ECMP does. Sounds like you're trying to over engineer a solution here when you don't need to outside of having some other considerations that you don't have listed here.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!