About leandrobaida

I disagree -  in Active/Active traffic load can be shared between the two devices; although I understand that Palo Alto recommends that they're not sized such that both devices are required to be forwarding traffic to handle the load as in the event of a failure traffic processing would surely be impacted. Of course, they'd also love to sell you a PA7000. I'd rather not throw away good firewalls though; and being able to extend an existing PA5000 pair to a cluster of greater than two devices would be great. The method PAN have chosen for the configuration of Active/Active seems to be designed to support such a model - with the physical device configuration elements (mainly IP addresses) being configured locally on each device.   For the current two device model; it would be so much easier if in Active/Active Panorama templates there was space to enter primary IP and a secondary IPs directly which would be applied to the corresponding firewalls - but they've not done it like this and I suspect that is to allow for future clustering support. My guess; they can do this in their labs; but they won't release it as the sales teams want to sell PA7000s instead.... ... View more