I have 2 Palo Alto Firewalls each connecting to Peplink Balance 310x routers. HA is configured between the two Balance 310x routers. What I am trying to achieve is communication between these 2 routers via the 2 FWs. The HA (VRRP) interface is in the untagged VLAN on the router. It is Layer 2 between the routers and FW's. I have the FW interfaces with an untagged interface ready to pass this traffic between them but this is not working. See quick drawing above. I need to be able to pass the VRRP packets from the Peplink Balances via the 2 Palo Alto FW's. Is this possible using this design? I do not see any untagged traffic traversing the Palo's.
... View more