I just want to check if this configuration of HA active/active is possible on PANOS 4.0.x with a single router as gateway and a core switch to connect to the internal LAN. From what I have seen in the HA active/active configuration, it seems like the router and switches are also configured as HA. If this is possible, please help me understand how to configure the PA using this setup.
Typically with this type of configuration, there would also be a switch between the trust interface of the router & untrust interfaces of the FWs (allowing both PAs to share the single trust L3 interface of the router). This could also be accomplished by creating a private (non-routable) VLAN on your core switch solely for the edge devices to communicate (assuming you do not have additional hardware to deploy). Either option (despite having FW redundancy) would still be subject to single points of failure with the upstream/downstream devices.
As far as configuration assistance, we can refer you to documentation posted on Knowledgepoint:
Any type of design-related questions, validation, etc. would typically require engaging your SE.
Thank you very much for the input on this one, just what I thought, it should be possible.
This is just an inquiry out of an idea, thus I felt this is the best channel to consult, as there may be other folks out there who might have done this or are interested in doing the same.
Nonetheless, I appreciate all the help and thanks for looking at this.