I am new with PA family and currently evaluating PA-3220 / PA-3060 appliance
I would like to know if i can implement transparent proxy feature with the above applaince for all my users including branch office without making major changes to network architecture
FYI, branch office are currenlty connected to HQ over IPsec site-to-site tunnel
INternet outbreak is from my HQ office for all users including HQ
Currently we are using explicit proxy using PAC file.
Appreciate all the inputs i can get which will help me with my evaluation.
many thanks in advance.
There are many definitions of proxy and what they can do. So it would help to know what features of a proxy ou are looking for. But we techinically use the PAN's as a proxy since they handle the features and logging/filtering we require.
If you are anyway routing everything to your HQ, then it is absolutely possible to use PaloAlto as transparent proxy without major network architecture changes.
PS: If you decide to buy a PaloAlto, do not use a PA-3060. You deginately want to go with the 3220 - specially if you need TLS decryption as this hardware has more of the modern chips that are build for current algorithms, not like the 3060 which is already some years old.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!