1 Answer
Palo Alto's own documentation seems to have a good guide on how to make the static route VPN connection. It even includes a guide on how to set up a "tunnel monitor" that will fail over the connection if the primary VPN connection goes down. BGP is used to dynamically advertise networks between AWS and the customer. Plus, it provides this automatic failover without the need to configure it separately.
I have not implemented this static route Palo Alto setup, but previously I have administered BGP-based Palo Alto connections to AWS. So for me the guide made sense, and I don't see any reason why it wouldn't work.
But as said, without BGP they will need to maintain the static routes on both the AWS VPC and Palo Alto sides.