Starting with Palo Alto Networks - What I wish I had known...

Reply
Highlighted
L2 Linker

Re: Starting with Palo Alto Networks - What I wish I had known...

I echo a few others here about the Panorama path and using it for everything. It took us a while until we understood and decided this to be the way to go, and then it was a bit of work importing firewalls already in production etc to get it all synced.

 

Other things:

  • When using VMs, add all interfaces in case you need more after putting the FW into production. You can't add interfaces and get it to work 'live'
  • Also when using VMs (at least now with PAN-OS 8) add enough resources to account for any license upgrades from the start. This way there is no need to power it off to add more resources. 
  • Using one device group for multiple same-purpose firewalls. This has simplified at least one deployment for me. And now we are always sure the policies are the same between the locations.
Highlighted
L2 Linker

Re: Starting with Palo Alto Networks - What I wish I had known...

Mine's minor. Somehow I missed this capability for too long. 

 

"set cli config-output-format set"

 

 

 

****************************************************
ACE 7.0, PCNSE7
Tags (2)
Highlighted
L1 Bithead

Re: Starting with Palo Alto Networks - What I wish I had known...

Post by rodvand

  • Using one device group for multiple same-purpose firewalls. This has simplified at least one deployment for me. And now we are always sure the policies are the same between the locations.

 

This is something we are setting up now. In the meantime, we can clone the policy from one device to another which makes it easier when you don't have the DG's setup. Great tip!!

Highlighted
L2 Linker

Re: Starting with Palo Alto Networks - What I wish I had known...

Thankyou chris.russell for this one, we've been pulling our hair out trying to build an XML file "template"

This will make our configuration push script much easier to build.

Highlighted
L2 Linker

Re: Starting with Palo Alto Networks - What I wish I had known...

I'm glad to know I have helped at least one person avoid that. 

****************************************************
ACE 7.0, PCNSE7
Highlighted
L4 Transporter

Re: Starting with Palo Alto Networks - What I wish I had known...

Thanks to everyone who participated in the discussion. Responses range from the firewall to Panorama and back again. We appreciate all you shared and all we learned, which speaks highly of your positive engagement and support for the community and each other.

 

We look forward to seeing you at Ignite and hearing more about your journey with Palo Alto Networks! If you’d like to read a summary of all the responses, take a look at our blog.

Highlighted
L2 Linker

Re: Starting with Palo Alto Networks - What I wish I had known...

Cool, nice synopsis in the blog. 

****************************************************
ACE 7.0, PCNSE7
Highlighted
L4 Transporter

Re: Starting with Palo Alto Networks - What I wish I had known...

Thanks!!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!