Panorama via S2S VPN

rjdahav163 — Tue, 26 Jan 2021 23:19:10 GMT

Hi everyone,

We have our PA Firewalls in different countries all around the globe.

Lets call them Country1, Country2. Country3 and so on.

All locations are connected to each other via S2S VPN.

We have Panorama in location Country1. And it manages firewalls in all countries over the S2S VPN.

At all sites, we do have local admin accounts.

Now, my concern is:

Lets say if IPSec tunnel goes down between Country1 (Panorama Location) and Country5 then we lose firewall management completely. So what I do is that every country location has Global Protect configured. So if S2S tunnel is down, then I login to GP and login with local admin account. But the local admin account can modify only few settings where there is "override" option. I cannot completely manage the firewall in that case.

I cannot edit policies with local account.

So is this the right way to go about it?

Is there any better way?

Thanks!

Re: Panorama via S2S VPN

Mick_Ball — Wed, 27 Jan 2021 06:20:44 GMT

Only had this issue once and mod was so urgent i just removed from panorama with import and rejoined when issue resolved. Probably not want to do this every day though....

Re: Panorama via S2S VPN

VinceM — Wed, 27 Jan 2021 11:28:45 GMT

Hi,

You're right, no solution.

Today at really low cost you can find router with 4G backup. it can be a solution for having an always on management network.

Take care

topic Re: Panorama via S2S VPN in General Topics

Panorama via S2S VPN

Re: Panorama via S2S VPN

Re: Panorama via S2S VPN