VMX setup with existing NVA in place

robfromsc
Conversationalist

VMX setup with existing NVA in place

Does anyone have any experience or recommendations setting up a vmx 100 in an existing Azure environment with every node already pointing to a palo alto firewall via udr?  We have an express route circuit but eventually want to get rid of it and use the vmx100 as a hub instead of placing another in our data center.   I'm trying to understand the logical placement of the vmx100 and having traffic flowing to and from the existing palo alto firewall (nva). 

 

Thanks in advance. 

1 REPLY 1
GIdenJoe
Kind of a big deal
Kind of a big deal

Your vMX will have it's own IP in an Azure network and you'll need to route packets from the Pa towards the IP of the vMX towards all spoke networks.

 

You can achieve this using a few static supernet routes or using BGP if it is possible to peer with the Pa to exchange routes that way.

Get notified when there are additional replies to this discussion.