I'm working on a solution as a vendor over deployment model for Palo Alto NGFW with following interest
- To control and inspect the traffic from between users and servers
- To protect DMZ web servers sourcing from internet.
I put together a fairly current
network design. At the moment we have two internet boundry firewall handling ingress/egress NAT, VPN connections
So I am looking for advise validated design and suggestions where to install the new firewall pair in the path as mentioned above.