Currently, we have two PA 2050s each hooked into a Brocade FCX switch, which are stacked together. We can do a heartbeat connection over our datacenter's switch, so if one of our drops fails, it will fail over. However, reading through the configuration guide it seems like the 2050 does not support link aggregation, and I had planned on using it so that each firewall can talk to both switches in case one fails. Since each firewall is plugged into a single Brocade switch, if one of the switches fails, with our current setup (active-passive) the Palo Alto box for the working switch will not become active, as the heartbeat will be going over our datacenter's switch. If we switched the heartbeat to go over our Brocade switches and then our datacenter's drop fails, the passive still won't become active as it will still be sending a heartbeat to the active box. If we had link aggregation, it would be as simple as hooking each firewall into both switches, but without it I'm not sure how we can do that. An active-active seems like it could be a solution here, but is it possible to do this with an active-passive configuration? If I do need to use active-active, any ideas on what configuration I should use? Active-passive setup was a cinch, but it has been a real pain trying to get active-active to work; I have yet to succeed so far. Thanks for the help.