About Ramakrishnan

Dear All,  I have Panorama M-300 with Maximum HDD capacity of RAID 16TB [4X4 TB]. And We do not have a dedicated log collector. Since it's a new installation when I check the RAID status Disk A and Disk B pair not in use. Also in the Managed Collectors I am seeing Out-Of-sync and IP address mismatch and unknown. I assume Do we need to give the Panorama Management IP address on the Ethernet 1/1 interface. If yes in this case we going to use only Management Interface on which managed firewalls will forward the logs? And if we change the eth1/1 interface IP will it impact the Management traffic as both interface has same IP address? I am little confuse. Can some one help me out on this?   Regards, Ram   ... View more

Dear Folks,    I have firewall and Panorama in a large scale deployment. I would like to understand the process and procedure Device Certificate, As per project plan we are going to deploy Panorama first following deployment of local managed firewalls. So expedite the locally PKI signed certificate [from PKI team] for communication and integration purposes, shall we we generate the CSR from Panorama and get certificate signed [Internal PKI server] is that certificate will be installed for communication on Panorama to SIEM[install the same on SIEM] and then same certificate can installed on local firewall(s)  to SIEM and other integrations?   Preciously to ask If we generate the CSR from Panorama and get the signed certificate, Is that certificate shall be used in other firewalls or can not be used? If CSR is locally significant do we need to raise the CSR from each 400+ firewall individually and get the sighed certificate, what would be the standard approach.  ... View more

Dear All,    I have Panorama hosted in one of the location [where geo graphically separated] abd my Managed firewall are located across the globe. Due to Embargoed few countries I don't have  option to establish S2S VPN or any other over lay. So I have left with option plain internet.  Question1: What are the communication I could expect from Panorama inbound and Outbound from/to Managed firewalls.  Question 2: Is there no inbound inbound connection from Managed firewalls to Panorama? Question 3: From my Panorama hosted sites If do address translation [ NAT] Panorama Private IP address to Public IP address, then  I shall register managed firewalls with Panorama hosted location Public IP address.    Regards, Ram     ... View more

Dear Folks,    I want to setup Panorma High availability  between two different data centers [Netherland-Germany] I have checked the latecny is allowed upto 1000 ms. I have some following doubts. 1. since these DC's running  different Ip address spce so for HA communication between these peers have two different Ip address, is not an constrains? As long as we have reachbility[L3/L4 level] will it work? 2. since both peers are geographically seperated is there any nessasity to use SFP+ ports? that too PA has eth2/3 are in LAG ports[Viz M700 appliance]  3. As per admin guide, peer communication on MGT port then what is the purpose of Eth1/1 port, how do we configure dedicated HA for panorama    ... View more

Hi There,    Problem Statement : We have custom URL lists(To allow Azure Endpoints only), also we have EDL(With Minemeld) integrated.  As per our Infosec Policy we should not use Minemeld feed for Microsoft as it has some of many wildcard. So desperately creating custom URL for each MSFT end points(viz Defender, AAD heath etc,,)  But some of URL is not working. I couldn't fetch the exact URL which is getting blocked(its default implementation PAN that, unlisted URLs will not show in URL filtering tab...? but in the Traffic Tab I am seeing very peculiar; For example: As per below screen shot, Why session is starting the Rule which i configured and fall back to Deny (reset-both with "default deny") category showing EDL-Azure-URL(In fact we have not configured "EDL-Azure-URLs" in the policy.      ... View more