Starting with Palo Alto Networks - What I wish I had known...

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Starting with Palo Alto Networks - What I wish I had known...

L4 Transporter

Beginnings are not always perfect.  Whether you started your Palo Alto Networks journey years ago or just recently, tell us what you learned early on that you wish you had known before. 

 

If there was one thing, or maybe more, Live Community users would love to hear about it.  Share your stories, your tips to help other users along the way.

 

Read a tip you like, make sure to like it or let them know by commenting!  

 

The most popular and helpful stories will get you a cool new Live Community t-shirt!

 

live t-shirt.jpg

 

Looking forward to reading all the great stories!

 

@carnould

39 REPLIES 39

I echo a few others here about the Panorama path and using it for everything. It took us a while until we understood and decided this to be the way to go, and then it was a bit of work importing firewalls already in production etc to get it all synced.

 

Other things:

  • When using VMs, add all interfaces in case you need more after putting the FW into production. You can't add interfaces and get it to work 'live'
  • Also when using VMs (at least now with PAN-OS 😎 add enough resources to account for any license upgrades from the start. This way there is no need to power it off to add more resources. 
  • Using one device group for multiple same-purpose firewalls. This has simplified at least one deployment for me. And now we are always sure the policies are the same between the locations.

L2 Linker

Mine's minor. Somehow I missed this capability for too long. 

 

"set cli config-output-format set"

 

 

 

****************************************************
ACE 7.0, PCNSE7

Post by rodvand

  • Using one device group for multiple same-purpose firewalls. This has simplified at least one deployment for me. And now we are always sure the policies are the same between the locations.

 

This is something we are setting up now. In the meantime, we can clone the policy from one device to another which makes it easier when you don't have the DG's setup. Great tip!!

Thankyou chris.russell for this one, we've been pulling our hair out trying to build an XML file "template"

This will make our configuration push script much easier to build.

I'm glad to know I have helped at least one person avoid that. 

****************************************************
ACE 7.0, PCNSE7

Retired Member
Not applicable

Thanks to everyone who participated in the discussion. Responses range from the firewall to Panorama and back again. We appreciate all you shared and all we learned, which speaks highly of your positive engagement and support for the community and each other.

 

We look forward to seeing you at Ignite and hearing more about your journey with Palo Alto Networks! If you’d like to read a summary of all the responses, take a look at our blog.

Cool, nice synopsis in the blog. 

****************************************************
ACE 7.0, PCNSE7

Retired Member
Not applicable

Thanks!!

L0 Member

I still don't know. I keep trying to download the free VM even though I work for a company that has a million PAs and use company email for the registration. I keep getting rejected. On third try now. All I want to do is run through some training before the training subscription runs out. If it works this time I guess the "no acronyms" requirement is super serious.

Community Team Member

Hi @jackb4120 ,

 

I was unable to find any entitlements linked to your email.

Please check with the superuser of your account or create an admin case with PAN to check out/fix your entitlements.

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 23617 Views
  • 39 replies
  • 4 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!