Hello. I have a situation where we have 2 separate adjacent office buildings, each on their own internet connection and separate LAN's/VLAN's. The firewalls at each office are Palo Alto firewalls with BGP configured over a MPLS network. This works great for our many other remote offices to connect in. However, we want to physically connect these two particular adjacent buildings by running conduit and fiber between them, in order to increase file transfer speeds between the two adjacent buildings.
So my question is, is there a way to configure our N4032F switches to route a specific subnet/VLAN directly between our adjacent buildings, before that connection reaches the BGP routing on our Palo Alto firewall? We want to route the connection directly from one building to the other without it ever going out to to the BGP/MPLS, and without interrupting the BGP allowing connectivity with our other offices. Does that make any sense?
So Building 1 with VLAN 111 192.168.111.0 wants to connect directly to Building 2 with VLAN 222 192.168.222.0, but without going out over the BGP, while retaining the BGP for connectivity with other offices on the MPLS network.
My first thought is that we would be better served doing this directly off of the Palo Alto's. However, with our threat prevention and url filtering services, we lose the throughout we want to achieve by directly connecting the 2 buildings in the first place. So going this route would require a significant upgrade on our firewalls. We would like to use the N4032F's we already have in place.
Any help is appreciated. Thank you!