We're in the process of implementing an MPLS network.
One of the things we'd like to do is leverage the network to manage the firewall devices with Panorama. The desired configuration would allow us to send a firewall to a new location, connect the management port to the MPLS switch, and use the console cable to set the management port IP address to an address on the MPLS network. We then connect, assign the Panorama IP address to the firewall and can push the config from Panorama.
Unfortunately the entire network has not been built and we have some sites that are only reachable over an IPSEC VPN between the branch and corporate.
Is it possible to multi-home Panorama so it can service firewalls on more than one network?
Is there an article I missed?
Pretty sure that Panorama can only have one interface.
But as long as you have routing set up so that the mgmt address of the firewall over the IPSEC tunnel is reachable from the Panorama address, you should be able to connect to the device and manage it.
Is your MPLS a completely isolated network that you are not permitted to route out of?
If your management interface is not able to reach Panorama because it needs to be out of band until the MPLS setup is completed, you can temporarily (or permanently) use service routes to have a dataplane interface be used as the source interface for Panorama connections.