Five or so years ago we used Virtual Wire in-between our 5ks and Palo Alto firewalls. To complicate matters, we were also using Virtual Wire in-between Nexus VPCs. In this configuration we had traffic issues any time we performed manual failovers or experienced hardware outages on the Palo Alto or the Nexus infrastructure. Granted this was some time ago and was 7.x code so many things have changed. This being said we are now doing full LACP L3 (regular port channels) with the Palo Alto doing core routing and have no issues (PAN OS 10.1.4) with HA failovers. These settings may or may not apply to Virtual Wire, but In the L3 configuration you need to make sure you have LACP configured and in Fast Failover. On the Nexus side you will want do do the following: Port Channel: interface port-channelxx no lacp suspend-individual Ports in Port Channel: Interface ethernetx/x lacp rate fast Hope this helps, Matt
... View more