So Option 2 sending to both Splunk and Panorama is feasible and not a strain on the firewalls? If so, then this is the option I'm leaning toward since it would help provide another layer of redundancy for log shipping.
... View more
I am standing up Panorama and not sure where to send logs. I currently have my firewalls sending logs to Splunk via a syslog server, and I want to keep getting logs into Splunk. Is there a best practice or recommended config? Option 1. Send firewall logs to Panorama and then from Panorama to Splunk Option 2. Configure firewalls to send to both Panorama and Splunk Option 3. something else?
... View more
I understand the path, my question is about HA. Can I upgrade one of the firewalls all the way to 9.1 and then upgrade the second firewall to 9.1 or do I have to do one to 9.0, then the second to 9.0, and then upgrade to 9.1 on the first and then 9.1 on the second.
... View more
I have an HA pair of firewalls on 8.1. Do I need to upgrade both to 9.0 and then 9.1 or can I upgrade one all the way to 9.1 and then the second from 8.1. to 9.1?
... View more
The GUI was a limiting factor in this scenario, but thanks for the information. We're after an automated solution, so maybe Panorama or API.
... View more
What are you saying here? Are you saying that if the config is exported as XML that there is no ability to restore it? " So, to summarize, there does not seem a good ability to load a config in "set" notation, but could export with 1000s of lines as XML."
... View more
What about using a tool like CatTools to capture the output of 'show config running' ? The readonly permissions lets the user run this command.
... View more
No, actually the PA logs don't display Action for the correlation events like you see for Traffic, Threats, etc. I'm seeing the Action as 'allowed' in Splunk logs. So all correlation events have the action 'allowed'. Just ends up being misleading when reading reports.
... View more
Is the correlation log_subtype action always allowed? It creates a bit of confusion when the action on the actual event was blocked, but the correlation action shows allowed. Just looking for clarification.
... View more
We have a process to do backups using the cli. I'm going to create a new role restricted to cli for this purpose. What admin role is required to perform backups?
... View more
Thanks, I've been through the guide and I think I'm configuring it correctly, but it's not working. It would be nice to see an example screenshot or two instead of just instructions. For example a screenshot with Step 3 '(Optional) Configure a vendor-specific or custom DHCP option that the DHCP server sends to its clients' would really help to verify syntax.
... View more
I am using my pa-850 as a DHCP server on a small office LAN. I need to assign a VLAN to the phones and another VLAN to the computers. The phones are sending Option 61 Client identifier as part of DHCP Discover. How do I configure DHCP custom options to use the Option 61 value and return a specified VLAN ID?
... View more