Hi All, I have couple question in mind when I’m think about implementation PAN firewalls in Data center design. In reviewing design guide “Designing Networks with Palo Alto Networks Firewalls”, mostly where described perimeter firewall with upstream untrusted networks, exceptionally where we got hierarchical design with trunks between aggregation and core. But in most used scenarios by this guide, I cannot find such scenario, where is implemented aggregation and core in one layer. Example: One customer has two L2/L3 switches with implemented VRRP, which is access, aggregation and core in same time. Clients, servers and others, are divided into VLAN’s and they are terminated on L3 within same switches. Questions: In such design, is there possible to implement PAN and secure communication between VLAN’s, or redesign is needed? If such design is supported, can you provide some configuration example? Thanks, SBS
... View more