Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
New Contributor

Trunk from stacked cluster to Palo Alto Active/Standby

Hello, sorry maybe that was aked before but i not found an answer and i am new to aruba. 

 

I have to 3510M Switches stacked together and facing problem in the communication to a palo alto firewall cluster that is in active standby. 

 

One Interface of each Stack memeber goes to one Palo Alto but both are in the same Trunk Group 

 

trunk 1/16,2/16 trk16 trunk

 

For my understanding the palo alto not can not handle that. I am not sure if the best solution would be to have 2 seperate trunks and connect each trunk to one firewall

 

trunk 1/16 trk16 trunk

trunk 2/16 trk17 trunk

 

Would this be a working solution? 

 

Thanks and regards

Marco

 

Highlighted
MVP Guru

Re: Trunk from stacked cluster to Palo Alto Active/Standby

It is the best option. However I see trk16 and trk17 having a unique interface, which is a SPOF. I strongly recommend to add a second interface/port to each trunk.

Highlighted
MVP Guru

Re: Trunk from stacked cluster to Palo Alto Active/Standby

Hi! your scenario admits that a specific ports aggregation originating from each one Palo Alto firewall terminates its member links - equally distributed I would say - into each switch of the stack. Not the contrary (originating from any stack member, which would be supported, and terminating equally to both firewalls...which is not supported by a LACP/Non Protocol port aggregation approach standpoint). That's because you have to think your firewalls as separated nodes (despite you're dealing with an Active/Standby cluster).

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: