Trunk from stacked cluster to Palo Alto Active/Standby

  • 1.  Trunk from stacked cluster to Palo Alto Active/Standby

    Posted Sep 02, 2020 03:35 AM

    Hello, sorry, maybe this was asked before, but I did not find an answer and I am new to Aruba.

     

    I have two 3510M switches stacked together and am facing a problem in the communication with a Palo Alto firewall cluster that is in active/standby.

     

    One interface of each stack member goes to one Palo Alto, but both are in the same trunk group:

     

    trunk 1/16,2/16 trk16 trunk

     

    To my understanding, the Palo Alto cannot handle that. I am not sure if the best solution would be to have 2 separate trunks and connect each trunk to one firewall:

     

    trunk 1/16 trk16 trunk

    trunk 2/16 trk17 trunk

     

    Would this be a working solution? 

     

    Thanks and regards

    Marco

     



  • 2.  RE: Trunk from stacked cluster to Palo Alto Active/Standby

    EMPLOYEE
    Posted Sep 02, 2020 04:32 AM

    It is the best option. However, I see trk16 and trk17 each having a single interface, which is a SPOF. I strongly recommend adding a second interface/port to each trunk.



  • 3.  RE: Trunk from stacked cluster to Palo Alto Active/Standby

    MVP GURU
    Posted Sep 02, 2020 06:33 AM

    Hi! Your scenario admits that a specific port aggregation originating from each Palo Alto firewall terminates its member links - equally distributed, I would say - into each switch of the stack. Not the contrary (originating from any stack member, which would be supported, and terminating equally on both firewalls... which is not supported from a LACP/Non-Protocol port aggregation standpoint). That's because you have to think of your firewalls as separate nodes (even though you're dealing with an Active/Standby cluster).
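
The three layouts discussed in this thread can be checked mechanically. The following is an added example, not part of any post above: a small Python audit that parses `trunk` statements in the form shown in the question and flags a trunk that reaches more than one device, a trunk with a single link, and a trunk confined to one stack member. The port-to-neighbor maps, the device names `fw-a`/`fw-b`, and ports 1/17 and 2/17 are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches trunk statements as written in the thread, e.g.
# "trunk 1/16,2/16 trk16 trunk". Only comma-separated port lists are handled.
TRUNK_RE = re.compile(r"^\s*trunk\s+(\S+)\s+(trk\d+)\s+(\S+)\s*$", re.I)

def parse_trunks(config):
    """Return {trunk_name: [ports]} from 'trunk <ports> <name> <type>' lines."""
    trunks = defaultdict(list)
    for line in config.splitlines():
        m = TRUNK_RE.match(line)
        if m:
            trunks[m.group(2).lower()].extend(m.group(1).split(","))
    return dict(trunks)

def audit(config, neighbors):
    """neighbors maps port -> cabled device (assumed input, e.g. from cabling docs)."""
    findings = []
    for name, ports in sorted(parse_trunks(config).items()):
        peers = {neighbors.get(p, "unknown") for p in ports}
        members = {p.split("/")[0] for p in ports}  # stack member = part before "/"
        if len(peers) > 1:
            # One aggregation split across two separate nodes (the original setup).
            findings.append((name, "spans-multiple-devices"))
        if len(ports) == 1:
            # Single link per trunk: the SPOF raised in reply 2.
            findings.append((name, "single-link"))
        elif len(members) == 1:
            # All links on one switch: a stack member failure drops the trunk.
            findings.append((name, "single-stack-member"))
    return findings

# Constructed sample data for the three layouts.
ORIGINAL = "trunk 1/16,2/16 trk16 trunk"
PROPOSED = "trunk 1/16 trk16 trunk\ntrunk 2/16 trk17 trunk"
REDUNDANT = "trunk 1/16,2/17 trk16 trunk\ntrunk 2/16,1/17 trk17 trunk"
NEIGH_ORIG = {"1/16": "fw-a", "2/16": "fw-b"}
NEIGH_REDUNDANT = {"1/16": "fw-a", "2/17": "fw-a", "2/16": "fw-b", "1/17": "fw-b"}

if __name__ == "__main__":
    for label, cfg, nb in (("original", ORIGINAL, NEIGH_ORIG),
                           ("proposed", PROPOSED, NEIGH_ORIG),
                           ("redundant", REDUNDANT, NEIGH_REDUNDANT)):
        print(label, audit(cfg, nb))
```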