This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
About VarunRao
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About VarunRao
10-01-2021
23Posts
8Likes
0Solutions
Oct 01, 2021Last Visited
User
Activity
User
Profile
Latest posts by VarunRao
| Subject | Views | Posted |
|---|---|---|
| 1034 | 02-24-2021 08:50 PM | |
| 1239 | 02-24-2021 08:08 PM | |
| 2339 | 02-24-2021 02:30 PM | |
| 2425 | 02-23-2021 06:26 PM | |
| 4545 | 12-09-2020 02:57 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 02-23-2021 06:26 PM | |
| 1 Like | 12-06-2020 03:45 PM | |
| 1 Like | 08-18-2020 07:11 PM | |
| 1 Like | 08-18-2020 05:43 PM | |
| 4 Likes | 08-17-2020 08:14 PM |
User Badges
Community Statistics
| Member Since | 04-30-2020 07:48 PM |
| Date Last Visited | 10-01-2021 03:54 AM |
| Posts | 23 |
| Total Likes Received | 8 |
02-24-2021
08:50 PM
Hi Mate, Its not about teh quickest, but the safest way should be preferred. Better option is option 1, upgrade both firewalls one by one before moving to the next version. This will help you test failover at each step and also ensure you are not hitting any issues. With option 2, if there are any issues with upgrade on version 9.1.2, you will have to downgrade again all the way to 8.1.7. here is the document that will help you: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/upgrade-to-pan-os-91/upgrade-the-firewall-to-pan-os-91/upgrade-an-ha-firewall-pair-to-pan-os-91.html Step 6 & 7 needs to repeated for every interim version you upgrade to till the final target version. Regards, Varun Rao
... View more
02-24-2021
08:08 PM
Hi Mate, I am not sure about the other networks connected to your core, but the basic priniciple is to have your firewall as close to the perimeter as possible. Firewall is your first line of defence and not last. It is a better design to filter all the traffic through firewall on site A, before being sent out to site B. So what you have is feasible, but your call where you would like to have it. For me site A makes more sense. Regards, Varun Rao
... View more
02-24-2021
02:30 PM
Hi, The configuration for ECMP was all fine and TAC did take captures, where we did see issues caused by ecmp, it tried to sdn reply packets through the load-balancing. TAC although doesn't know why it is happening. Still under investigation. We are using version 9.0.11.
... View more
02-23-2021
06:26 PM
1 Kudo
Hi All, We have dual ISP setup, and to load-balance the traffic we are using ECMP with static routes, and it works fine for the internet bound connections and traffic gets load-balanced. We however face issues with connection to our VPN servers in the DMZ. They are used by remote users to create a RA-VPN tunnel with the VPN servers from internet. The users have to try atleast 4-5 times before they get a successful connection with the VPN servers. We suspect it is because the VPN server have a public IP published on internet, which is a ISP2 public range. The return packet is getting load balanced too , towards ISP1 and cause assymmetric routing and ISP2 doesnt like it. Is there a way to ensure the return packet goes through ISP2 only? We ahve tried PBF but doesnt seem to work. We ahve also enabled symmetric return option in ECMP, and confused why it doesn't seem to work. We have a TAC case open, but no engineer has any idea or shown any willingness to go deeper. Below is the topology.
... View more
12-09-2020
02:57 PM
Glad it is helping people on the forum, sole reason why I had it documented here. There is no Palo alto document on this, since it is not an issue as per PA, but expected behavior of the network processor in 5200/3200's which sometime cause issue with other vendor traffic. Happy to help!!
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-01-2021
03:54 AM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks