The goal is to ensure we are "always" connected. With the shift to the cloud we do not want to limit our connection to one ISP.
I am not sure about the routing at this point. I think I am going to push for a failover connection as apposed to an active-active connection. I am hoping to find an ISP that will allow us to use them on a retainer basis and only pay full price when we reach X amount of data or something along though lines.
failover is a great way to go! cost savings are great compared to paying for another full service line.
to do this you will go to your virtual router, enter in a 0.0.0.0/0 route out to your failover line with a higher administrative distance than that of your existing link (which should be already set to be 1)
This tells the router use the primary link until it it no longer reachable, after that link goes down use backup link.
Good Luck, let me know if you need anymore help configuing this!
Is is still not possible to implement dynamic load balancing with PAN? What about ECMP in PAN OS 7.0.3?
Even when Palo Alto Networks is a visibly higher security solution, many of our competitors offers load balancing and fault tolerance with their NGF boxes.
As of PanOS 7.0, ECMP is indeed supported :
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!