- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-27-2023 02:46 AM
Hello All,
this is just a question to see the best approach, bear in mind this is not a tech question. OK in advance apologies for the next line.
Our company is a gold partner for Cisco. However, we also support Palo Alto. I am a consultant for PA and noticed there are few products of which I do not have knowledge. As a partner, we could sell those to clients. however, I need to have product knowledge. the best solution would be to lab them and get the relevant expertise.
So, my question is. Do we need to go through our pre-sales to apply for a trial license, or is there any other way?
I want to test some PanOS, boy I was surprised to see so many variations in there. majority of the features wi=ould be the same.
but the differences are the things I would like to learn,
in case the EA or SA or even presales approach me,I would be able to respond with a "yes".
sorry for the long essay though
thank in advance
01-27-2023 08:05 AM
Hi @Shadow ,
- You can install virtual PA firewall for lab and use it without licenses. BUT there are lot of limitation:
- You will have very low limit of concurrent connections and throughput (not big of a deal right)
- You will be limited to 1-2 concurrent GlobalProtect (remote access VPN) users
- You will not be able to enable any of the additional NGFW inspection (IPS, AV, URL, DNS etc, non of that)
- Your FW should still be able to apply application identification and filtering based on application (not layer4 port), but you wouldn't receive automatic updates, so you will need to upload such dynamic update package manually. You can use build, but it is possible that non applications will be identified correctly.
To sum up you should be able to test most (or even all) features of layer4 firewall - VPN (RAS and site-to-site), networking, routing, High-Availability, basic security rules, I believe even user identification (not sure about that)
- If you want to learn more you will definitively need to contact account/sales and request evaluation license - which is valid for 30 days.
- Apart from hands-on-lab you have the option to go over the self-paced training on https://beacon.paloaltonetworks.com/student/catalog/list?category_ids=25389-strata Beacon is Palo Alto learning portal with ton of free online self-paced training. You can search for "Strata" product there - is the "code" name for all firewall related.
01-27-2023 08:05 AM
Hi @Shadow ,
- You can install virtual PA firewall for lab and use it without licenses. BUT there are lot of limitation:
- You will have very low limit of concurrent connections and throughput (not big of a deal right)
- You will be limited to 1-2 concurrent GlobalProtect (remote access VPN) users
- You will not be able to enable any of the additional NGFW inspection (IPS, AV, URL, DNS etc, non of that)
- Your FW should still be able to apply application identification and filtering based on application (not layer4 port), but you wouldn't receive automatic updates, so you will need to upload such dynamic update package manually. You can use build, but it is possible that non applications will be identified correctly.
To sum up you should be able to test most (or even all) features of layer4 firewall - VPN (RAS and site-to-site), networking, routing, High-Availability, basic security rules, I believe even user identification (not sure about that)
- If you want to learn more you will definitively need to contact account/sales and request evaluation license - which is valid for 30 days.
- Apart from hands-on-lab you have the option to go over the self-paced training on https://beacon.paloaltonetworks.com/student/catalog/list?category_ids=25389-strata Beacon is Palo Alto learning portal with ton of free online self-paced training. You can search for "Strata" product there - is the "code" name for all firewall related.
01-30-2023 01:09 AM
Hello Astardzhiev,
thank you for the response. I will certainly look into the Beacon training. however, for the license (trial), od I need to go through our pre-sales guys or from the PA. there was a post on live PA about it and with an email, sish, I didn't bookmark it
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!