This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Multiple ISP PA5250

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Multiple ISP PA5250

Simon.Cardman
L1 Bithead

‎02-12-2018 08:08 AM

Hi 

I have been asked to purchase a new PA 5250.

It will potentially have 20GB throughput to the internet.

i am looking at an active active setup, with Aggregate interface inside to each FW.

On the Outside i have been asked to connect to 4 x ISP 5GB Bandwidth on 10GB Bearer to each ISP. (this is for resilience / redundancy)

To share the traffic across the ISP is it Policy Based Forwarding?

So the traffic would need to be coming from 4 different sources to direct to each of the outside Interfaces?

Is there any other way of doing this?

 

Any help much appreciated.

 

Simon

 

0 Likes Likes
2 REPLIES 2

BPry
Cyber Elite
Cyber Elite

‎02-12-2018 08:16 AM

@Simon.Cardman,

Is there a reason specifically that you are looking at doing an A/A setup; such as having a lot of asynchronous routing or something like that? Generally you don't actually want to put PA boxes in A/A if you can avoid it. 

Would all 4 x 5GB links be up at all times? You could aggregate your Outside links and then utilize PBF to decide which traffic passes to ISP-1 and which goes to ISP-2. 

 

It may help to provide a touch more information on what exactly you plan on doing, and maybe sketching out a diagram. It may also be worth engaging your Sales Engineer assigned to your account we can get more details on what you are trying to do and what your actual enviroment looks like. With that information your SE can generate a far better picture of how they would recommend you actually proceed. 

0 Likes Likes

Simon.Cardman
L1 Bithead
In response to BPry

‎02-12-2018 09:22 AM

@BPry

Thanks for your response, I have asked to design a resilient solution to allow HPC devices to access the internet to upload cutomer data to the cloud.

Hence the reason for Active / Active and multiple links on the inside and the outside.

Yes the 4 x 10GB outside circuits would be utilised but at half B/W.

For resilience they would need to be four seperate ISP's.

 

On the inside then a QSFP link from each edge switch to each Firewall L3 link, again - resilience.

i wasnt aware Active / Active is not recommended.

 

Yes i think for this spend i will engage an SE, 

 

Many Thanks

 

Simon

 

0 Likes Likes
  • 1746 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks