Branch HA with a Firewall on Internet, MPLS, and a Layer 3 LAN Switch

Learn more about the Branch HA with a Firewall on Internet, MPLS, and a Layer 3 LAN Switch in Prisma SD-WAN.
This topology consists of a branch site with Internet and MPLS connections and a firewall that terminates the Internet connection. The firewall provides basic zone-based firewall protection and backup VPN connections to other corporate sites or third-party locations. Also, all Internet traffic must go through a central corporate site: because the MPLS router is the HSRP/VRRP master, traffic flows via the MPLS in steady state. There are Layer 3 switches and the default route points to the firewall, such that in steady state Internet-bound traffic is offloaded. The firewall provides basic zone-based firewall protection and is a backup path via VPNs to corporate locations.
The above topology and use case can be converted to a Prisma SD-WAN HA topology without the need to keep the firewall in place since Prisma SD-WAN provides all of these functions.
For HA configuration and deployment, follow the guidance in Configure Branch HA with Internet, MPLS, and a Layer 3 LAN Switch Topology-1.
For traffic forwarding and firewall services, follow the same process as in Configure Branch HA with a Firewall on Internet, MPLS, and a Layer 2 LAN Switch, with the exception of the network path policy change to allow the direct-to-internet path for all traffic or for the applications of interest (for example, selective internet offload for trusted applications).
