vMX Integration with PaloAlto in Azure and AWS environment
Hi Team,
We have prepared a solution in which the Spoke should access the Azure Environment Application. In Azure, PaloAlto is deployed and all applications are hosted behind it, and vMX is deployed in Azure AutoVPN with Spoke MX.
Here we are looking for the best practice for vMX integration with PaloAlto: via OSPF or BGP? Which protocol is best and easiest to configure so that the spoke can access the Azure Environment Application without any latency issues?
Regards
PP
If it is in Azure, it is unlikely you'll need to use any routing protocol. I wouldn't use one. You'll just add the Azure subnets into the Meraki portal for the vMX.
Hi Philip
Thanks for your reply.
Here the applications are behind the PaloAlto and the client wants to secure spoke traffic via PaloAlto, so what would be the recommendation: BGP or OSPF?
Regards
PP
I wouldn't consider or use OSPF, as the route advertisements are only unidirectional (from vMX to upstream), and you will need to manually configure the Azure ranges as local subnets in vMX.
BGP is 100% what I would go for, and I would consider Azure Route Server to peer with. I didn't recommend directly peering between vMX and PA because Azure handles routing differently, and the traffic will have to hit the Azure SDN, which means you will still need to configure static routes in the Azure route table for the traffic between vMX and PA.