We have our PA Firewalls in different countries all around the globe.
Let's call them Country1, Country2, Country3 and so on.
All locations are connected to each other via S2S VPN.
We have Panorama in location Country1. And it manages firewalls in all countries over the S2S VPN.
At all sites, we do have local admin accounts.
Now, my concern is:
Let's say the IPSec tunnel goes down between Country1 (Panorama location) and Country5; then we lose firewall management completely. So what I do is that every country location has GlobalProtect configured. So if the S2S tunnel is down, I log in to GP and log in with the local admin account. But the local admin account can modify only the few settings where there is an "override" option. I cannot completely manage the firewall in that case.
I cannot edit policies with the local account.
So is this the right way to go about it?
Is there any better way?