This FireOwls All-CCIE Team Installation includes Palo Alto inspection of Core traffic
before traversing VeloCloud SDWAN links and Palo Alto IPSEC links. Multiple traffic
paths for traffic: SDWAN, PAN IPSEC accomplished through dynamic routing.
Previous to the cutover, notify the MPLS provider to
stop advertising the voice subnet pertaining to the
remote location to be rolled out. This has to be
performed at the time the cutover starts, in order to
prevent the voice/SIP traffic to be forwarded via the
When the cutover starts, make sure that the
MPLS-facing routers are not receiving the voice
subnet from the MPLS provider.
Once confirmed that the routers are no longer
being received from the MPLS network, go to to the
velocloud orchestrator and setup the corresponding
vEdge with the Customer-Remote-Profile profile,
under Edge Overview.
Under the Edit tab, configure the following
– VLAN 1: Same IP address as the router.
– VLAN 90: IP address of the voice subinterface.
– GE1: Setup as access, VLAN 1.
– GE2: Setup as trunk for VLANs 1 and 90, with
VLAN 1 as native VLAN.
The WAN transports have been configured previous
to the cutover.
Unplug the MPLS cable from the router in order to
avoid a possible routing conflict.
Move over the LAN and VoIP facing cables from
the Adtran router to the Velocloud Edge:
– LAN-facing port (Adtran) – vEdge port GE1.
– VoIP-facing port (Adtran) – vEdge port GE2.
Test can be performed. Verify routing and services.