I want set up two interfaces from PA as shown below. Traffic via Link will get to SW1 and on to S1, the same for the other link. The two are separated for security reasons.
The issue is that, say SW1 fails we will need to re-wire SW2 to allow continued operation (shown in dotted line). But the security rules on the PA will not allow this without amending them.
My question is, is it possible to trunk link 1 & 2 so that this will be allowed to happen without the need to amend rules on the PA but maintain the traffic segregation? If such thing exist on the PA , please point in that direction.
Note, this diagram is just a concept to show the issues, the actual setup is much more. The two switches are just bog standard Layer 3 stuff.
... View more