About VarunRao

The issue was resolved by opening a case with TAC.   I was missing the check box for sending logs to Panoram/logcollector on the log forwarding profile: Object > Log forwarding profile > select your profile > check the box option for Panorama/log collector   This would send the traffic from the firewall to the dedicated log collector. ... View more

The logrcvr process seems to be running fine, although for show logging-status, DNS resolution is fine but for Registration I am seeing a failure:   Registration : msg : Timeout:4310 triggered for lc_conn_id:lr-172.16.100.100-def status : failure timestamp : 2020/08/06 10:42:35  What is this registration for ?   ... View more

Are you using same Log collector IP for Management and receiving logs from PA? Yes using same interface for management and receiving logs. Make sure in Panorama , Collector Groups then click on device log forwarding. Yes it is configured. Make sure your firewall is added there. Yes   Then in Log collector CLI  Run this command  show logging-status device  serial number of FW admin@logcollector01> show logging-status device 0xxx11584xx           Type Last Log Rcvd Last Seq Num Rcvd Last Log Generated Also make sure From FW management Interface you can ping the log collector ip able to ping ... View more

Hi,   the log collectors show in-sync on the panorama.   How do I ensure they are connected to each other? Is there a config to ensure the 2 are talking to each other? ... View more

Hi,   Understanding the where your end-points are located within the organization is also very important. Due to the current situation, where everyone is working from home, there is a constant threat to end-points that are accessing the corporate resources through VPN/remote access/Citrix.   Now, for internet/private access, the users would need to create a VPN to your environment which is a waste of bandwidth. This where a web gateway comes into picture. A web gateway can be a solution for both your on-prem or off-prem end-points. It provides protection for all your end-points for port 80/443 traffic (URL-filtering, AV, Anti-spyware, DLP, threat prevention etc.) inline with your current security posture (on-prem Palo alto firewall)   I recently did a web gateway implementation (Zscaler) for a big client with 10000 users. They had Palo alto firewall on prem. The gateway was only for the roaming clients. The way we had it setup was, on the company LAN, Zscaler would disconnect automatically and 80/443 traffic would go through the palo-alto firewall. But if a user is remote on untrusted network Zscaler will enforce the traffic through the proxy node and apply all the security policies configured, which ensures that users can't go to any unwanted websites through company provided laptops.   Your choices for web-gateway solution can be Palo Prisma access, Zscaler, Netskope, Cisco secureX   Hope this helps. ... View more