Hi All, I have followed a procedure. HA sounds good: everything is green. BUT (there is a but): the floating IP is not moving when I do a failover from HA1 to HA2. I am on PAN-OS 9.0.1. The troubleshooting feature says it is OK. The Azure Active Directory Service Principal seems good. Any hint? Thanks!
I need to rebuild some Palo VMs that were deployed poorly in an AWS transit VPC. I'm looking for suggestions to minimize headaches and work.
The existing VMs are deployed as a firewall on a stick with a single management interface and public facing interface. The public facing interface terminates VPNs from several spoke VPCs as well as VPNs to two offices. Those two offices are the transit paths for close to 30 other locations. The management interface is neutered, only being used for Palo updates via a NAT gateway. All other management traffic / services use a loopback interface. Routing is all BGP. Panorama is pushing some basic device templates. I've attached a sketch showing the current state and finished state.
Here are the reasons for the rebuilds:
We now need Palo HA for some public facing services. HA requires eth1/1 as HA2. Currently eth1/1 is the public facing interface and handles all data plane traffic.
Moving on-prem access from Palo VPNs to Cisco DMVPN to reduce latency and improve the user experience. All ~30 offices are already using Cisco DMVPN for WAN access. Making these AWS tenants DMVPN spokes will improve access for everyone.
Current Palo management access rides in the firewall data plane
I'm planning to stand up new m5.xlarge instances with four interfaces, mapping eth0-eth4 as mgmt, eth1/1 (ha2), eth1/2 (public), and eth1/3 (private). My main sticking point is finding the most efficient way to move the eth1/1 config and everything that depends on it to eth1/2. How would you approach this task knowing you have to repeat it 8x?
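One way to take the manual work out of repeating the eth1/1 to eth1/2 move eight times is to do the rename on the exported "set"-format configuration rather than in the GUI. The script below is an added example, not code from the original post or from Palo Alto Networks: it assumes you have the device's set-format output (PAN-OS can emit it via `set cli config-output-format set` followed by `show` in configure mode) saved as one command per line. The sample lines embedded in it are constructed to look like the objects that typically reference a data-plane interface (the interface itself, zone membership, virtual router, IKE gateway); they are not from a real firewall. The two checks a practitioner would want are built in: the match is token-exact, so `ethernet1/1` never bleeds into `ethernet1/10` or `ethernet1/11` while subinterfaces such as `ethernet1/1.100` still follow the parent, and any line that already references the target interface is reported as a collision so you can resolve it before loading the rewritten config. The object-type breakdown is only a convenience for eyeballing whether every dependent object was caught.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample of PAN-OS "set"-format lines (illustrative data, not an
# export from a real firewall). Two ethernet1/10 lines are included on purpose
# to show that the rename does not touch them.
SAMPLE_CONFIG = """\
set network interface ethernet ethernet1/1 layer3 ip 10.0.1.10/24
set network interface ethernet ethernet1/1 layer3 interface-management-profile allow-ping
set network interface ethernet ethernet1/10 layer3 ip 10.0.10.10/24
set zone untrust network layer3 ethernet1/1
set network virtual-router default interface ethernet1/1
set network virtual-router default interface ethernet1/10
set network ike gateway spoke-a local-address interface ethernet1/1
""".splitlines()


def interface_pattern(name: str) -> "re.Pattern[str]":
    """Match `name` only as a whole interface token.

    The lookbehind stops a match inside a longer word; the negative lookahead
    for a digit stops 'ethernet1/1' matching inside 'ethernet1/10', while a
    subinterface such as 'ethernet1/1.100' still matches ('.' is not a digit).
    """
    return re.compile(r"(?<![\w/])" + re.escape(name) + r"(?!\d)")


def object_type(line: str) -> str:
    """Coarse label for a set-command: 'zone', 'network interface', 'network ike', ..."""
    tokens = line.split()
    if not tokens or tokens[0] != "set" or len(tokens) < 2:
        return "unknown"
    # Under 'network' the second path token separates interface / virtual-router / ike.
    return " ".join(tokens[1:3]) if tokens[1] == "network" else tokens[1]


def find_references(lines: List[str], name: str) -> List[int]:
    """Indices of lines that reference interface `name` as a whole token."""
    pat = interface_pattern(name)
    return [i for i, line in enumerate(lines) if pat.search(line)]


def rewrite_interface(lines: List[str], old: str, new: str) -> Tuple[List[str], Dict[str, int], List[int]]:
    """Rename every whole-token reference to `old` as `new`.

    Returns (rewritten lines, changed-line count per object type, indices of
    lines that already referenced `new` before the rewrite). Collisions are
    reported, not silently merged: the operator decides what to do with them.
    """
    collisions = find_references(lines, new)
    pat = interface_pattern(old)
    out: List[str] = []
    changed: Counter = Counter()
    for line in lines:
        if not pat.search(line):
            out.append(line)
            continue
        out.append(pat.sub(new, line))
        changed[object_type(line)] += 1
    return out, dict(changed), collisions


if __name__ == "__main__":
    rewritten, summary, clashes = rewrite_interface(SAMPLE_CONFIG, "ethernet1/1", "ethernet1/2")
    print("changed lines by object type:", summary)
    print("lines already referencing the target interface:", clashes)
    print("\n".join(rewritten))
```

Run it against a real export by replacing `SAMPLE_CONFIG` with the file's lines; if the collision list is non-empty, fix those lines first, then load the result with the usual `load config partial` or paste it into configure mode on the new instance. Because the rename is a pure text transform, the same script serves all eight rebuilds, and a non-empty result from `find_references(rewritten, "ethernet1/1")` is the signal that something still points at the old interface.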