Questions on Palo Alto safe practices



Hi, I have a few outstanding questions on Palo Alto devices. We just migrated from Juniper to the PA line, so these might sound silly to people who are already on the PA line.

  1. Do we have primary and backup images on the PA firewall, just like in JUNOS, where if one image is corrupt it tries to load from the backup image file?
  2. How many rollbacks does the PA device support by default? Can we actually delete some of them if we don't wish to have them on the device?
  3. How do we load the factory default configuration on the device? What does the factory default config contain? Does it have some templates?
  4. What are the safe practices in operating a device? For powering the PA firewall off and on, do we have CLI commands? I think we have a restart option in the web GUI, but I wanted to know about halting and forceful power off.
  5. How do we clean up the database once it is full? Can we delete logs like the system logs and so on?
  6. The flow diagram keeps changing in all of the modules (e.g. NAT). If you can throw some light on that, it would be helpful.
  7. Can we apply import policies for route redistribution? The reason I ask is that I did not find any import for RIP or OSPF, except for BGP.
  8. When configuring DNAT, what should we match on: the destination IP address (the pre-NAT IP), then check the translated packet box and give my post-NAT IP? But I could not implement that on my device for some reason. The same goes for static NAT.
  9. When doing a lab on route redistribution, I matched on my default route and tried to redistribute it into OSPF, but for some reason everything was visible except my default route, which I exported into OSPF.

Hoping to get answers for these. Thanks a lot, guys!

20 replies

Srikanth,

At this time there is no way to remotely turn off the device using the CLI.

Once you restart the system, the first process the device runs is the auto-commit. The management plane of the device comes up first and then the dataplane.

So we need to wait for the auto-commit to complete. Having access to the device GUI does not necessarily mean that the device is ready to pass traffic.

If the auto-commit is not complete we see the "system initializing" message; we can either wait or bypass it by allowing it to run in the background.

The auto-commit can be monitored with the following command:

>show jobs processed

Regards

Parth
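
The check Parth describes above (wait for the AutoCom job, not just for the GUI to answer) is easy to get wrong in a reboot script, so here is an added example that automates it. It is not code from this thread or from Palo Alto Networks. It polls the PAN-OS XML API equivalent of `show jobs`; the op-command URL form, the job field names (`type`, `status`, `result`), the sample replies and the host/API-key values are all assumptions made for the example.

```python
"""Wait for a PAN-OS firewall's post-reboot auto-commit to finish.

Added example, not code from the thread or from Palo Alto Networks. It
automates the check described above (watch the AutoCom job until it is
finished) through the PAN-OS XML API. The op-command URL form, the job
fields (type/status/result) and the host/key values are assumptions.
"""
import ssl
import time
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from typing import Callable

# Constructed sample replies, shaped like "show jobs all" output from the
# XML API right after a reboot. They were written for this example, not
# captured from a device.
SAMPLE_RUNNING = """<response status="success"><result><job>
  <tenq>2013/10/01 10:00:05</tenq><id>1</id><type>AutoCom</type>
  <status>ACT</status><result>PEND</result><progress>45</progress>
</job></result></response>"""

SAMPLE_DONE = """<response status="success"><result><job>
  <tenq>2013/10/01 10:00:05</tenq><id>1</id><type>AutoCom</type>
  <status>FIN</status><result>OK</result><progress>100</progress>
</job></result></response>"""

SAMPLE_FAILED = """<response status="success"><result><job>
  <tenq>2013/10/01 10:00:05</tenq><id>1</id><type>AutoCom</type>
  <status>FIN</status><result>FAIL</result><progress>100</progress>
</job></result></response>"""


def autocommit_state(xml_text: str) -> str:
    """Classify the AutoCom job in a show-jobs reply.

    Returns 'pending' (still running or queued), 'ok', 'failed', or 'none'
    (no AutoCom job listed yet, e.g. the management plane is still booting).
    Only 'ok' means the dataplane has a configuration and can pass traffic;
    a reachable GUI or API on its own does not.
    """
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("API error: " + ET.tostring(root, encoding="unicode"))
    for job in root.iter("job"):
        if (job.findtext("type") or "").strip() != "AutoCom":
            continue
        status = (job.findtext("status") or "").strip()
        result = (job.findtext("result") or "").strip()
        if status != "FIN":
            return "pending"
        return "ok" if result == "OK" else "failed"
    return "none"


def api_show_jobs(host: str, api_key: str, verify_tls: bool = True) -> str:
    """Fetch 'show jobs all' over the XML API (type=op). Assumed URL form."""
    cmd = "<show><jobs><all></all></jobs></show>"
    query = urllib.parse.urlencode({"type": "op", "cmd": cmd, "key": api_key})
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for a lab box still on its self-signed cert
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen("https://%s/api/?%s" % (host, query),
                                context=ctx, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")


def wait_for_autocommit(fetch: Callable[[], str], timeout_s: float = 900,
                        interval_s: float = 10, sleep=time.sleep) -> str:
    """Poll fetch() until the AutoCom job finishes; return 'ok' or 'failed'.

    Connection errors and unparsable replies are treated as 'not yet', since
    the management plane answers before the job exists. Raises TimeoutError
    if the job has not finished within timeout_s.
    """
    deadline = time.monotonic() + timeout_s
    while True:
        try:
            state = autocommit_state(fetch())
        except (OSError, ET.ParseError):
            state = "pending"
        if state in ("ok", "failed"):
            return state
        if time.monotonic() >= deadline:
            raise TimeoutError("auto-commit not finished after %.0fs" % timeout_s)
        sleep(interval_s)


if __name__ == "__main__":
    # Offline run against the constructed samples. Against a real firewall:
    #   wait_for_autocommit(lambda: api_show_jobs("fw.example.net", API_KEY))
    replies = iter([SAMPLE_RUNNING, SAMPLE_RUNNING, SAMPLE_DONE])
    print(wait_for_autocommit(lambda: next(replies), interval_s=0,
                              sleep=lambda _s: None))
```

A "failed" result is worth acting on before re-adding the box to any HA group or traffic path: a failed auto-commit leaves the dataplane without the intended policy, and the API or GUI being reachable tells you nothing about that. Keep TLS verification on outside the lab; the `verify_tls=False` path exists only for a freshly reset device still presenting its self-signed certificate.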

Srikanth,

NetFlow documentation: https://live.paloaltonetworks.com/docs/DOC-2014

Tap mode implementation is for monitoring traffic on the network without being inline; generally this feature is used for evaluation, POC, etc. So to answer your last question: YES, you can replicate the real-time traffic on your firewall before you deploy by using tap mode: https://live.paloaltonetworks.com/docs/DOC-2561

V-Wire implementation is like a bump-in-the-wire: being inline and passing traffic through the firewall.

Regards

Parth

Thanks Parth, very useful info.

Can you help me with how to register Panorama and add devices to it?

I was given a Panorama auth code but am not sure where to use it.

Also, I have device serial numbers and auth codes, but when I add them in Panorama it says the auth code is already used.

Not sure what's wrong with that. I followed the admin guide when doing this.

Srikanth,

Here is the document on how to register a device and activate licenses:

https://live.paloaltonetworks.com/docs/DOC-1257

Also go through the document below to get the software downloaded for Panorama:

https://live.paloaltonetworks.com/docs/DOC-2331

I am sure you will find this helpful. If so, feel free to mark it.

If you still have problems registering the device/Panorama, please open a support ticket.

Also, I highly encourage you to create a new discussion thread for each topic.

Regards

Parth

Thanks for that. (Attachment: Panorama.jpg)

I did not get any serial number with Panorama when I purchased it, nor do I find it under the Device tab.

Please find the attached.

Srikanth,

This means that Panorama is not registered.

Unable to Activate Support on Panorama

You should have the "Order Summary for Palo Alto Networks Order" e-mailed to you, which will contain the Panorama S/N.

If you cannot find it, please contact your authorized service center or the reseller from whom you got the device.

Regards

Parth
