Paloalto GWLB cluster IPsec tunnels with on-prem

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Paloalto GWLB cluster IPsec tunnels with on-prem

L3 Networker

Dear Team,

 

I want to deploy Paloalto 2 - VM-300 with integration of GWLB on AWS. both will be active and passing the traffic.

 

However i have referred Paloalto documents with two-arm mode and one-arm mode.

 

I will be having an IPsec connectivity with (on-prem DC) in this case, how this will work ? 

 

on prem user >>> IPsec >>>  AWS PA (Network VPC) >>> server in (Prod VPC)

 

Please let me know the detail flow and how to achieve this. any documents or article which describe this type of flow?

 

regards,

 

1 REPLY 1

L3 Networker

Hi @Doyenadmin 

 

The reference architecture design and deployment guides at AWS - Palo Alto Networks have all the answers you need - I recommend reading the design guide first to get an understanding of how the AWS components integrate, and what options are available to suit your needs. They also contain detailed flow diagrams, features and concepts specific to AWS deployments and links to automation libraries to help expedite your build or run a PoC.

 

As a general rule, use AWS services to terminate IPsec (Virtual Private Gateway, Transit Gateway VPN attachment) and only use the firewalls if required by design e.g. part of your multi-cloud or SDWAN deployment.

  • 454 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!