vMX Integration with PaloAlto in Azure and AWS environment

Hi Team,

We have prepared a solution in which the Spoke should access the Azure Environment Application. In Azure, PaloAlto is deployed and all applications are hosted behind it, and vMX are deployed in Azure AutoVPN with Spoke MX.

Here we are looking for the best practice for vMX integration with PaloAlto via OSPF or BGP. Which protocol is best and easy to configure so the spoke can access the Azure Environment Application without any latency issue?

Regards

PP

3 REPLIES
PhilipDAth
Kind of a big deal

If it is in Azure it is unlikely you'll need to use any routing protocol. I wouldn't use one. You'll just add the Azure subnets into the Meraki portal for the VMX.

Hi Philip

Thanks for your reply.

Here the applications are behind the PaloAlto and the client wants to secure spoke traffic via PaloAlto, so what would be the recommendation: BGP or OSPF?

Regards

PP

Fady
Meraki Employee

I wouldn't consider or use OSPF as the route advertisements are only unidirectional -- from vMX to upstream, and you will need to manually configure the Azure ranges as a local subnet in vMX.

BGP is 100% what I would go for, and I would consider Azure Route Server to peer with. I didn't recommend directly peering between vMX and PA because Azure handles routing differently, and the traffic will have to hit the Azure SDN, which means you will still need to configure static routes in the Azure route table for the traffic between vMX and PA.
