Palo Alto MPLS failover

cancel
Showing results for 
Search instead for 
Did you mean: 

Palo Alto MPLS failover

L0 Member

Please give me a best Solution

 

I have one Palo alto firewall and Branch end Cyberoam 

 

I need to do MPLS VPN Failover between both device any suggetion it will work or not

palo alto MPLS supported or not ?

 

Thanks regrards

Hiroli Mohsin

1 REPLY 1

Cyber Elite
Cyber Elite

Hello,

If i understand your question correctly, you want two connections between two PAN's? I have done this many times in the past and works out pretty well. What I usually do is setup a Policy Based Forwarding policy that sends all traffic over the MPLS connection on the far side 'stub' network. I also have OSPF setup between the two so that routes are updated automatically with the VPN connection with a higher cost so its not favored unless its last resort.

 

This way id the MPLs goes down, it'll swap to the VPN and when the MPLS comes back up, it fails back to it. I usually build in a minor delay to prevent flapping incase the MPLS is bouncing.

 

Let me know if you need a deeper dive.

 

Cheers!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!