Network technologies and trends

Feb 24 2016   12:55PM GMT

Using ECMP with Palo Alto Firewalls? Make sure you’re running PAN-OS 7

Yasir Irfan Yasir Irfan Profile: Yasir Irfan


When it comes to using Equal Cost Multipath in Palo Alto Firewalls, one needs to be very careful as this feature is not available in all PAN-OS versions by default.  Most of the Network Engineers assume ECMP is supported by default,  and they are shocked to discover ECMP is not working when they configure or enable ECMP using either OSPF or  BGP on Palo Alto Firewall running PAN-OS 6.x trail.

You don’t need to panic as Palo Alto doesn’t support ECMP on PAN-OS 6.x or lesser PAN-OS trail. Palo Alto introduced  Equal Cost Multipath (ECMP) as a new feature in  PAN-OS 7.0.  Palo Alto Firewall supports a maximum of 4 equal cost paths and supports this on OSPF and BGP protocols.

One can use Equal Cost Multipath to increase throughput, redundancy and reduce convergence times. This feature also can substantially increase bandwidth performance by load-balancing traffic over multiple paths.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: