Ignite '18 Wrap Part 3 - Answer the Orphaned Questions and Bag Some Swag – Last Chance!

by on ‎07-31-2018 12:49 PM - last edited yesterday by (13,541 Views)

Ignite-questionspart3.png

 

I know that Ignite '18 has been over for a couple of months, but that doesn't mean that you cannot still play a part by answering some of the leftover questions from the Live Community booth.

 

Over the past couple of weeks, I have created the following blogs featuring orphaned (leftover) questions from Ignite '18:

Ignite'18 Wrap Part 2 - Answer the orphaned questions and bag some swag

and

Ignite'18 Wrap - Answer the orphaned questions and bag some swag 

And we have been able to find answers to almost all the posted questions thus far. Just a couple of tough ones that don't have answers yet. If you think you are up to the challenge, visit the links above and see if you can answer those questions.

 

In case you missed all the questions and answers from Ignite '18, please check them out here:

 

So, this is it: Part 3. The last of the last of the leftover questions from the Great Wall of Knowledge, or, for those who saw it at Ignite, the Shark wall. There are no more questions past these from Ignite '18. 

 

Rules

The rules are simple: If you're able to provide the first correct answer, we will reward you with some Palo Alto Networks swag. Perhaps something from the booth, or a surprise. We are going to keep it a secret until the winners are announced.

Note: When you answer, please include the question # you are answering.

 

Questions

Here are the next four vetted questions:

  1. Can the migration tool be run against a specific content version?

  2. What are the Best Practices for setting up Zone Protection and DoS Profiles? Not just a "How to," but one that explains "Why" the parameters are set to certain values?

  3. How to leverage Panorama while migrating to a new set of firewalls? Answered

 

As always, please don't be shy. Answer away and maybe you can win some cool swag like a coffee mug (hint hint).

 

Even though these are the last of the questions from Ignite '18, we are going to continue the fun in the Live Community and will continue to post more contests or blogs to allow you to win some cool Live Community – Palo Alto Networks swag. Stay tuned in and keep coming back for more info soon.

 

Stay Secure!

Joe Delio

End of line.

 

Comments
by vsys_remo
on ‎08-01-2018 08:24 AM

 3) This depends if you are already managing a firewall (cluster) comoletely with Panorama or not. If the firewall is already managed, then a migration is really simple. You only have to add the new firewall to the same devicegroup and template as the old one, push the configuration and then physically reconnect the cables from the old to the new firewall in a maintenance window. At least this applies to situations where you will use the same network interfaces on the old and new firewall and it also works for example if you upgrade lets say from a PA3060 to a PA5220.

If you will change the network interfaces or if you want to set up the firewall in parallel that you do not need to physically change something at day X, then the best way probably is to copy the existing template(stack) and add the new firewall to this copy. In this new template you can change whatever you want (for example change from single interfaces to LACP channels). Just make sure that the interfaces are set to down until you actually migrate the firewall. In a maintenance window you can then set all the interfaces of the old firewall to down, up for the new ones and push the configuration. Depending on the used hardware this config push needs to be timed a little to keep the downtime as low as possible. This is because a PA3050 needs mlre time for a commit than a PA5220.

 

If a firewall is not yet managed with panorama follow these steps here and then the description above in this post to leverage panorama for such a device migration.

by
‎08-08-2018 02:46 PM - edited ‎08-08-2018 02:47 PM

@vsys_remo, thanks again for participating.. we will make sure you get something nice for your help.

 

Now, let's see if anyone else can help answer the remaining 2 questions.

by Speedypaper
on ‎08-09-2018 04:49 AM

Thanks for this article!I t's very useful for me!
I want to share with you too.
 Speedypaper - this app could be useful for you.

Ask Questions Get Answers Join the Live Community