Hi All, Just looking for advice, pros vs cons, about connecting an ISP internet feed directly to our core MPLS/VPLS switch. ISP Internet Router—>adva—>Core Switch(siteA)—>mpls/vpls—>Core Switch(siteB)—>Palo Alto. The PA firewall will have a separate VR and will NAT traffic from the 10.x LAN to public before routing out to the Internet via the core. There is OSPF routing on all cores and distribution switches connecting to the cores, as well as L2/L3 traffic from other sites. Is this acceptable and what are the security concerns?
Hi All, I have a guest wifi VLAN 10.25.x.x that needs to be routed out to a second ISP. AP-->WLC--Palo Alto FW-->MPLS/VPLS-Router-->L3Switch-->ISP. The VLAN will have a sub-interface and gateway 10.25.x.1 assigned on the firewall in its own guest zone and virtual router. The virtual router will have a default gateway 0.0.0.0 to a next hop 10.25.x.2, the layer 3 switch SVI where the ISP is connected. NAT will be performed on the L3 switch, from the 10.25.x.x address pool to a public IP, before routing out to the internet. 1) Will the policy based forwarding work? 2) I assume I can forward the same traffic out the same sub-interfaces? 3) Also, if I performed the NAT on the Palo Alto before routing out to the ISP over a private network, is that acceptable from a security point of view?