- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-20-2017 01:05 AM
Please give me a best Solution
I have one Palo alto firewall and Branch end Cyberoam
I need to do MPLS VPN Failover between both device any suggetion it will work or not
palo alto MPLS supported or not ?
Thanks regrards
Hiroli Mohsin
12-20-2017 01:46 PM
Hello,
If i understand your question correctly, you want two connections between two PAN's? I have done this many times in the past and works out pretty well. What I usually do is setup a Policy Based Forwarding policy that sends all traffic over the MPLS connection on the far side 'stub' network. I also have OSPF setup between the two so that routes are updated automatically with the VPN connection with a higher cost so its not favored unless its last resort.
This way id the MPLs goes down, it'll swap to the VPN and when the MPLS comes back up, it fails back to it. I usually build in a minor delay to prevent flapping incase the MPLS is bouncing.
Let me know if you need a deeper dive.
Cheers!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!