Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About Akeakamai
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About Akeakamai
Thursday
8Posts
0Likes
0Solutions
Jan 13, 2022Last Visited
User
Activity
User
Profile
Latest posts by Akeakamai
| Subject | Views | Posted |
|---|---|---|
| 66 | Wednesday | |
| 143 | 2 weeks ago | |
| 240 | 2 weeks ago | |
| 1372 | 04-23-2020 06:03 PM | |
| 1420 | 04-22-2020 11:18 AM |
User Badges
Community Statistics
| Member Since | 08-07-2019 08:28 AM |
| Date Last Visited | Thursday |
| Posts | 8 |
Wednesday
Thank you for your detailed response, unfortunately it landed in my Spam folder for a week. We came to a similar conclusion to your's independently, you provided useful additional info, and validated our similar approach.
... View more
2 weeks ago
Swapping licenses would be the easiest solution, Palo Alto told us that was not an option, hence my migration plan
... View more
2 weeks ago
Need to replace an HA pair of Panorama managed, currently deployed firewalls (PA-5220s) with a different pair of Panorama managed firewalls (also PA-5220s), with minimum/no downtime; device licensing is different between #1 & #2 pairs, necessitating the swap. Proposed procedure (detailed in attached picture) - Copy Panorama DG/Template for HA pair #1 to replacement DG/Template for HA pair #2 - Push Panorama config to HA pair #2 - Replace current passive firewall (1b) with it's replacement (2d), sync sessions - Swap HA roles (1b is now active) - Replace current passive firewall (1a) with it's replacement (2c) - Swap HA roles - Delete DG/Template #1 Hardware is identical (HA requires this) HA configs are identical: timers, peer IP addresses, etc. Anyone see issues with the proposed procedure? Suggestions for alternative procedure? Thought about using Panorama RMA procedure to just replace #1 firewalls one at a time and using HA to minimize downtime, maybe similar to above, start by serial number swap for passive firewall, HA swap, replace serial number for formerly active device, swap, etc hardware
... View more
04-23-2020
06:03 PM
Dashboard shows successful import. Double click Rules, then right click Export to Excel. Empty spreadsheet is result. Could very well be pilot error, I don't know what I don't know.
... View more
04-22-2020
11:18 AM
Export to Excel for any object I select results in empty spreadsheet. Anything I'm missing to export objects to Excel? v1.1.66.2
... View more
04-22-2020
09:33 AM
Migrating four Checkpoint clusters into single Panorama/HA firewall pair. My initial thought was to tackle each Checkpoint cluster as it's own project (good/bad idea? not sure how projects fit into overall workflow). Running 1.1.66.2 if it matters.
I was able to import Checkpoints and Panorama base config. I needed to provide rules to someone else for review prior to implementation, did a merge into Panorama then export security rules from Panorama into CSV. This all worked as expected. Now I need to go back to original Checkpoint configs to fix zone names and network interfaces, but the original Checkpoint configs are no longer visible. Makes some sense after a merge.
- Should I tackle this as a single project? Think of a project as a client?
- Do the original source files need to have everything resolved (address objects, zones, interfaces, etc) prior to a merge? Is there a way to go back to fix something in source configuration after a merge, then merge again?
... View more
- Tags:
- Expedition
- workflow
03-17-2020
06:00 PM
Zero experience with Checkpoint, hostile Checkpoint admin that really doesn't want to help. Admin has provided the first tranche (400 lines) of security policy, following KB on exporting R80 security policies, he doesn't want to do all of it until he knows we are on the right path, then he gives me the rest. I've followed the same KB trying importing the one json file of 400 policies, fails with Not a valid CSRF token in the POST. Then I tried creating the order file and zipping the one json and order file together (no subfolders), fails with same Not a valid CSRF token in the POST. I'm stuck, where do I go from here? Is it the partial json file creating the issue? Do I need the entire security policy rulebase before any import will function? Expedition v1.1.62
... View more
02-25-2020
06:12 PM
Third time was the charm for me, during the ubuntu install it wasn't clear that I should be creating create the 'expedition' user. First time I created my own user, initSetup.sh prompted me to create the 'expedition' user via adduser, which I did and reran initSetup.sh but install failed.
When Ubuntu install asks for user name, provide 'expedition' as the user. Don't know if this is how it's supposed to function, what was required for me.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Thursday
|
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks
