01-14-2024 05:12 AM
Hello Team,
First of all am a noob on the paloalto and I'm diving into the Palo Alto Firewall world after spending a year on the Cisco L2 side. Just set up a lab mirroring the site design for a new organization, and it's my first go at Palo Alto. For the real deal, I'll be handling a PA-850. Feeling pretty good about Nexus and endpoints, but could use some suggestions from the Palo Alto pros. Any suggestions or tips to nail this lab and smooth sail through the site deployment (what steps should i take on the palo alto Firewall) would be awesome. Thanks a bunch for any insights!
Once more, I'd really appreciate any assistance you can offer for step-up the LAB. Thanks a bunch!
Thanks,
Punkn
01-14-2024 11:02 AM
I suggest to put switch between ISPs and Palo so that both Palos see both ISPs.
This allows to start with active/passive configuration.
Active/active will add quite a few more configuration settings that need to be set and adds unnecessary complexity. Specially if you just start with Palos.
01-14-2024 01:26 PM
Hello Raido,
Absolutely, thanks for the suggestion, and I've already shared it with my buddy. Is it possible set up the PA cluster HA in an active/passive configuration for my new setup?. Also, I want to ensure that the LACP setup I mentioned in the new setup should function smoothly ??, considering my Nexus setup is in vPC ?.
Thanks,
Punkn
01-14-2024 02:04 PM
You can have links to separate switches in same LACP bundle in Palo only if both peers (both Nexus switches) advertise themselves with same LACP ID.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
