Hi Folks, We currently use our PA 3020 firewalls with Layer 3 interfaces, Internet plugin directly, and doing all the routing for our network. Learned routing from L3 interfaces and manual static route entry. No routing protocols at all. We have old HP switches downstream, all Layer 2 function, and HP servers beyond that. We are getting ready to have Cisco UCS installed to replace everything, except our PA firewalls. The question is coming up, "Do you want to move all of the routing into the Cisco equipment?". I've been reviewing this document and seems that if we were to do that vwire would be the most common option if we were to do that? https://live.paloaltonetworks.com/t5/Integration-Articles/Designing-Networks-with-Palo-Alto-Networks-Firewalls/ta-p/60868 I'm not sure if we are ready to overhaul our network, but asking for comments from community to see if there is a best practice approach to our upcoming project?
... View more