About DanaHawkins

The customer exported the running configuration and provided it to me and I uploaded it manually. Expedition took the files without issue and I was able to import the device configuration into the project. ... View more

I moved the csv file as you mentioned above.   I also updated the ML configuration as well. I pulled the serial number directly from the log to create the device in Expedition. Expedition itself doesn't have access to the device though as it sit on the customer's network.       ... View more

I'm still running into the same issue as I stated above. I loaded expedition on a completely different system as well. Has there been a change in the log format from 10.X to 11.X? expedition@del-expedition01:/PALogs/firewall$ sudo tail -f /home/userSpace/panReadOrders.log ) No supported new files to process Success: -1 Errors: No supported new files to process Tue, 02 May 2023 12:02:47 -0700 End Task Tue, 02 May 2023 12:05:17 -0700 Start Task Checking CSV logs from device(s) 267010XXXXX Checking ML server is alive ML Server is alive Collecting device(s) serial(s) 267010XXXXX added devicesData Array ( [0] => stdClass Object ( [serial] => 267010XXXXX [afterProcess] => ) ) serialsAndData Array ( [0] => Array ( [serial] => 267010XXXXX [path] => /PALogs/firewall/* ) ) No supported new files to process Success: -1 Errors: No supported new files to process Tue, 02 May 2023 12:05:17 -0700 End Task ... View more

I'm going to have the customer re-export the log files again. Checking: PeriodicLogCollectorCompacter Mon, 01 May 2023 14:19:05 -0700 Start Task Checking CSV logs from device(s) 2670100XXXX Checking ML server is alive ML Server is alive Collecting device(s) serial(s) 2670100XXXX added devicesData Array ( [0] => stdClass Object ( [serial] => 2670100XXXX [afterProcess] => ) ) serialsAndData Array ( [0] => Array ( [serial] => 2670100XXXX [path] => /PALogs/firewall/* ) ) No supported new files to process Success: -1 Errors: No supported new files to process Mon, 01 May 2023 14:19:05 -0700 End Task ... View more

Thanks for the info. I'm going to review the logs to see if I can find anything in there that might help. I created the firewall device with the same serial number as what's in the logs. The only thing I can think of is 1400 series isn't a choice when you create the device. I just chose VM-Series.   I will let you know what I find. ... View more

@lychiang thanks for the reply. These firewalls are unmanaged/standalone. I have no problem importing the device or going through the process of creating the connector. It doesn't show up when I enable ML on any policies and try to run the ML discovery. Unfortunately I don't have access to Expedition right now but I will try to provide a screenshot tomorrow via customer screenshare.   I've asked the customer to review logs coming from syslog to ensure they contain the serial number of the firewall in question. ... View more

Was this bug fixed?   I'm running into this with the latest version of the Expedition tool. I've imported the device via API (Username and Password). I've configured Expedition to be a syslog collector and that seems to be working properly with good log processing occurring. Whether I create a static or dynamic connector none show up when I go to analyze logs with ML. It does work with Enrichment.   We also deleted and recreated the project after performing an update. ... View more

Best practice is to setup an inbound NAT on a port other than TCP/80 or TCP/443. For instance, use an inbound nat on port TCP/8888 that NATs to 443 with a destination of your back-end server. You can also check the reference architecture guide well. https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/guides/azure-architecture-guide   ... View more

I would take a look at the Palo Alto Azure Reference Architecture Guide. https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/guides/azure-architecture-guide. In short, you have to configure UDRs to get traffic over to the Palo Alto for inspection. ... View more

This would be true if you were only using AWS native constructs but introducing the Palo Alto FW in the "Transit" VPC would allow you to pass traffic/inspect traffic by sending traffic to a VPC subnet ENI resource to another subnet ENI resource. In effect, the Palo Alto FW becomes the "transit router" for the VPC. VPCs as AWS native constructs are non-transitory in nature but a FW can act as the bridge.   ... View more

The firewall is acting as the intermediary. VPC peer allows for connecting of resources between VPCs. @sthornton You are right that, if there was no firewall, or another intermediary, within the VPC then you would not be able to communicate from VPC1 to VPC2 via VPC3. ... View more

You achieve what you want with VPC peering using a design similar to the picture I posted above. Transit Gateways give you the benefit of Availability Zone redundancy and using BGP for route propagation between the firewalls and AWS. Using VPC peering all route table configurations are manual for both the firewall and AWS. ... View more