The next big project, regarding Palo Alto, is deploying a total of 5 PA-200’s. 4 will be located in 3 different locations in Mexico. 1 Mexican location will have 2 PA-200’s setup in HA mode. The remaining PA-200 will be deployed in Managua, Nicaragua. They all will be configured with Wildfire, Threat Protection, URL Filtering and Global Protect. We of course want to manage these via Panorama.
I am reaching out to see if Palo Alto has a Best Practice document available explaining how to configure these boxes using Panorama and then ship to remote locations as close as possible to “plug and play”. I can find nothing that really covers configuring locally to send to remotes locations.
We pretty much configure and push everything in the Policies, Objects and Device tab using Panorama. Then we manually configure the items in the Network tab, mostly because our remote sites aren't generally the same.
One thing I would suggest is to set up an emergency "back door" to the PA-200. Just in case it doesn't come online or the site-to-site tunnel(if you're using one) doesn't come up. You could give SSH or HTTPS access to the PA-200 and allow only your source IP. You could also ship a laptop(with client VPN) and a cellular hot spot with it, so you can remote into the PA-200(assuming a tech or someone can plug it in).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!