Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
2 weeks ago
7Posts
0Likes
0Solutions
Oct 09, 2020Last Visited
User
Activity
User
Profile
Latest posts by SergGur
| Subject | Views | Posted |
|---|---|---|
| 582 | 09-11-2020 02:13 PM | |
| 703 | 09-11-2020 06:07 AM | |
| 715 | 09-11-2020 05:55 AM | |
| 241 | 09-11-2020 05:31 AM | |
| 744 | 09-11-2020 05:27 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 | |||
| 1 |
User Badges
Public Statistics
| Date Registered | 08-11-2020 05:40 AM |
| Date Last Visited | 2 weeks ago |
| Total Messages Posted | 7 |
09-11-2020
02:13 PM
@jmeurerwith regards to your statement You may see a nominal performance increase by running the bigger instance size due some of the underlying AWS hashing to hardware. The increase will be no where close to the performance of running a VM-300 on the same instance types. Thank you for sharing the first-hand experience with running VM-100 and VM-300 on the same instance type. Perhaps the difference is due to the number of VCPUs used by bata plane.
... View more
09-11-2020
06:07 AM
Similar to physical firewalls there is the management and data plane separation. And there is (at least one) dedicated CPU assigned to the management. I'm getting there but still confused. In one hand there is a document (see below) telling unlicensed CPUs allocated to management. In the other hand, my SNMP monitoring only reports two CPUs back. Does my VM-100 in AWS effectively only has 1 VCPU for traffic? From VM-Series System Requirements The number of vCPUs assigned to the management plane and those assigned to the dataplane differs depending on the total number of vCPUs assigned to the VM-Series firewall. If you assign more vCPUs than those officially supported by the license, any additional vCPUs are assigned to the management plane. Total vCPUs Management Plane vCPUs Dataplane vCPUs 2 1 1 4 2 2 8 2 6 16 4 12
... View more
09-11-2020
05:55 AM
Update: I discovered that SNMP monitoring does indeed only report 2 CPU and does individual graphs got each. Now I'm suspecting AWS CloudWatch graphs does not represent true AWS VA firewall load. This is because AWS combines the load of 4 VCPUs (2 busy and 2 totally idle) and therefore in this situation, AWS CloadWatch results need to be multiplied by two (to compensate for CPUs provided by AWS but not used by firewall software) My sample data for a firewall I'm examining (24 hours - but it can not be compared because in a massive difference in polling frequency and methods) AWS CloudWatch: SNMP monitoring:
... View more
09-11-2020
05:31 AM
As you already discovered this is per design. I believe not only Palo Alto but any registered partner can issue 30days VM-100 licenses. It is a well-known limitation documented in the admin guides and KB here - No Logging in Unlicensed VM-Series Firewall
... View more
09-11-2020
05:27 AM
Hello Experts, What happens when one runs AWS VM-100 (2 VCPU limit) on M4.xlarge or M5.xlarge (4 VCPU onboard). I definitely have seen it working fine. But does one waste VCPUs in such setup? I tried to use CloudWatch to see CPU utilization, but unable to see per VCPU stats, only the shared result for entre EC2 is visible. Please see some bits from my research below. Regards, Sergg Details about VM-100 virtual hardware support VM-Series on Amazon Web Services Performance and Capacity Details about amount of the resources supported by VM license type from VM-Series for AWS Sizing Please note – VM-100 does only support 2 VCPU Details about AWS EC2 types Details about EC2 instances from https://aws.amazon.com/ec2/instance-types/ Please note xlarge instances provide 4 VCPU (while VM-100 can only consume 2 VCPU) M4 options: M5 options: Details about declared VM throughput From VM-Series on Amazon Web Services Performance and Capacity
... View more
08-13-2020
05:02 AM
I think i found an answer to one of my questions in Prisma Cloud Licensing and Editions Guide Serverless Defender licensed per millions of invocations: Serverless function config checks are not counted (no license consumption)
... View more
08-13-2020
03:56 AM
Hello Prisma Cloud Experts, I'm fairly new to CWPP and tried some native and free options and looking at commercial products now. VNETs, Traditional compute and private endpoints are not difficult to grasp, while the transition to serverless is slightly more complex. What parts of the Prisma Cloud product should the customer use when assessing Serverless Lambda security? Am I right understanding what with regards to AWS Serverless there are two modes - initial assessment (can be done without any modifications to Lambda) and continuous protection (requires some additional code to be added). What about checking IAM rules for security? Are there features in the Prisma Cloud adding additional value on the top of IAM Analizer? Is there a built-in code review for Lambda? Lastly, can you please confirm that all features from PureSec, Twistlock, Evident.io and the rest are fully integrated (or perhaps discontinued) - and the only place I should be reading/looking is documentation at https://docs.paloaltonetworks.com/prisma/prisma-cloud Perhaps there are too many questions for one post, and I should do my own research first. Just trying easy option asking experts first 😉 Regards, Serg
... View more
Labels:
- Labels:
-
Compute Edition
-
Prisma Cloud
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
