Migration of an aging firewall to newer Palo Alto appliance

A company with an aging firewall getting close to EoL ( End of Life ) and no support contract asked for hardware replacement or new versions of a firewall

Description and scope of work

  • Choose most suitable Palo Alto appliance
  • Install and configure disaster recovery colocation
  • Clone Palo Alto installation to primary colocation.
  • Enable stateful box2box High Availability (HA) for full, hitless redundancy (with sync of active sessions and configuration)

Used tools

  • Palo Alto
  • Pingdom (monitoring from multiple locations)


  • Installing NG (Next Generation) firewall improved security
  • Became HIPAA compliant with new firewall
  • Standard design and structure which avoided vendor lock-in, and providing better manageability
  • Combination of two different firewalls from two different vendors improved security.