Yes and no. Remember GWLBs and TGWs serve specific purposes. If you just want VPC-to-VPC connectivity, you can use VPC Peering. If you want to inspect traffic VPC to VPC using a pair of PAN FWs, you would use GWLB. If you want to perform dynamic routing with BGP over IPSec to on-prem with AZ redundancy, the TGW is still a good option. With the GWLB architecture, the firewall takes over the routing that would normally be done by the TGW (Hub and Spoke RT). That is because each GWLBe is mapped to an interface and zone on the FW and native routing is used. It's also much faster. In the old architecture, the Palos had to have an IPSec tunnel to the TGW, which was limited to 1.25 Gbps.