Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- About SergGur
About SergGur
Announcements
Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
02-02-2021
15Posts
0Likes
0Solutions
Feb 02, 2021Last Visited
User
Activity
User
Profile
Latest posts by SergGur
| Subject | Views | Posted |
|---|---|---|
| 278 | 01-21-2021 04:53 PM | |
| 402 | 12-04-2020 06:38 AM | |
| 464 | 11-26-2020 08:38 AM | |
| 1140 | 11-23-2020 01:42 PM | |
| 568 | 11-23-2020 11:56 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 3 | |||
| 1 | |||
| 1 | |||
| 1 | |||
| 1 |
User Badges
Public Statistics
| Date Registered | 08-11-2020 05:40 AM |
| Date Last Visited | 02-02-2021 10:25 AM |
| Total Messages Posted | 15 |
01-21-2021
04:53 PM
@rgunna2020 What application are you trying to optimize? Are you talking about the MS Teams?
... View more
12-04-2020
06:38 AM
Hello Experts, Can you please clarify if Non-tunnel mode provide packet encryption, or just HIP/User-ID for the gateway? Does the traffic goes in from GlobalProtect (laptop) to GlobalProtect gateway (firewall) in non-tunnel mode setup? If it is encrypted, how much of IP header retained, is it just IP or ports are in clear as well? It is not clear from the documentation: Internal —An internal gateway is an interface on the internal network that is configured as a GlobalProtect gateway and applies security policies for internal resource access. When used in conjunction with User-ID and/or HIP checks, an internal gateway can be used to provide a secure, accurate method of identifying and controlling traffic based on user and/or device state. Internal gateways are useful in sensitive environments where authenticated access to critical resources is required. You can configure an internal gateway in either tunnel mode or non-tunnel mode. The GlobalProtect app connects to the internal gateway after performing internal host detection to determine the location of the endpoint. References: https://docs.paloaltonetworks.com/globalprotect/8-1/globalprotect-admin/globalprotect-gateways/globalprotect-gateway-concepts/types-of-gateways.html https://docs.paloaltonetworks.com/globalprotect/10-0/globalprotect-admin/globalprotect-quick-configs/mixed-internal-and-external-gateway-configuration.html
... View more
11-26-2020
08:38 AM
Sorry, with regards to " mileage may vary depending on the overhead ( udp > tcp > http ) " - do you mean UDP takes most or less CPU cycles from MP?
... View more
11-23-2020
01:42 PM
I tested this inside out. Here is final take: VM-100 is limited to 2 VCPU all together Out of 2 VCPU at least one is dedicated to management One 1 VCPU is left for DP (data plane) On the AWS M4 type machine with 4 VCPUs only half is used.
... View more
11-23-2020
11:56 AM
Hello Experts, I tried to find any information to assist with understanding if some log export protocols taxing CPU (Management and DP) more then others. Perhaps ones DP pass log events to MP it is for Management to package and ship the logs, therefore, as long as some rules has logging enabled, the DP load will be the same regardless of the protocol used. 1. Is there any information to help with estimates on additional CPU load for Syslog log destinations? What about HTTP log destinations? 2. Can I save some CPU using TCP vs UDP syslog? Any other fiddling? Obviously logging on session end only will generate 2x less log amount. The platforms in question are 8xx and 30xx. Regards Serg. Some notes: List of logging protocols from documentation - Use External Services for Monitoring Point in time stats via "show running logging" KB listing "platform limits" here - Panorama Sizing and Design Guide It is also referencing CLI tool - " To check the log rate of a single firewall, download the attached file named " Device.zip ", unpack the zip file and reference the README.txt file for instructions. This package will query a single firewall over a specified period of time (you can choose how many samples) and give an average number of logs per second for that period. At minimum this script should be run for 24 consecutive hours on a business day. "
... View more
11-23-2020
10:14 AM
@adamirinaga same story - I'm unable to login for normal admin session, until device removed from the plugin. Running most recent 8.1 on the firewall. I cannot create an administration session in the console after adding a device to the extension.
I get stuck in an infinite loop of getting sent back to the login prompt.
... View more
11-23-2020
10:11 AM
@kiwi Great plugin! If it still maintained and developed, can you please add "show system statistics session" application stats? CLI produces stats like this, it would be nice to be able to see it in the plugin with column sort option Virtual System: vsys1
application sessions packets bytes
-------------------------------- ---------- ------------ ------------
webex-base 9101 3493168 2144630609
amazon-chime-base 65 7148773 2050610692
sip 395224 13441182 6298349154
ntp 148277 11361422 1961579021
google-meet 9360 3183189 1954286467
jamf 1260 2049216 1889086258
facebook-video 2065 2039745 1848574751 Palo Alto Networks did great progress with improving Global Protect load monitoring. There are new dashboards in newest OS. Perhaps this plugin can be extended to display simple stats from older version from the commands like show global-protect-gateway statistics Thanks!
... View more
11-23-2020
09:55 AM
@VGiyenko re " what is the difference between the two graphs " Mbps vs Pps (Packets Per Second)
... View more
09-11-2020
02:13 PM
@jmeurerwith regards to your statement You may see a nominal performance increase by running the bigger instance size due some of the underlying AWS hashing to hardware. The increase will be no where close to the performance of running a VM-300 on the same instance types. Thank you for sharing the first-hand experience with running VM-100 and VM-300 on the same instance type. Perhaps the difference is due to the number of VCPUs used by bata plane.
... View more
09-11-2020
06:07 AM
Similar to physical firewalls there is the management and data plane separation. And there is (at least one) dedicated CPU assigned to the management. I'm getting there but still confused. In one hand there is a document (see below) telling unlicensed CPUs allocated to management. In the other hand, my SNMP monitoring only reports two CPUs back. Does my VM-100 in AWS effectively only has 1 VCPU for traffic? From VM-Series System Requirements The number of vCPUs assigned to the management plane and those assigned to the dataplane differs depending on the total number of vCPUs assigned to the VM-Series firewall. If you assign more vCPUs than those officially supported by the license, any additional vCPUs are assigned to the management plane. Total vCPUs Management Plane vCPUs Dataplane vCPUs 2 1 1 4 2 2 8 2 6 16 4 12
... View more
09-11-2020
05:55 AM
Update: I discovered that SNMP monitoring does indeed only report 2 CPU and does individual graphs got each. Now I'm suspecting AWS CloudWatch graphs does not represent true AWS VA firewall load. This is because AWS combines the load of 4 VCPUs (2 busy and 2 totally idle) and therefore in this situation, AWS CloadWatch results need to be multiplied by two (to compensate for CPUs provided by AWS but not used by firewall software) My sample data for a firewall I'm examining (24 hours - but it can not be compared because in a massive difference in polling frequency and methods) AWS CloudWatch: SNMP monitoring:
... View more
09-11-2020
05:31 AM
As you already discovered this is per design. I believe not only Palo Alto but any registered partner can issue 30days VM-100 licenses. It is a well-known limitation documented in the admin guides and KB here - No Logging in Unlicensed VM-Series Firewall
... View more
09-11-2020
05:27 AM
Hello Experts, Please help to understand what happens when one runs AWS VM-100 (2 VCPU limit) on M4.xlarge or M5.xlarge (4 VCPU onboard). It works fine. But it seems like two of four VCPUs are staying idle in such setup. Would you agree? I tried to use CloudWatch to see core specific CPU utilization, it is only display overall stats and does not show per VCPU stats Please see some bits from my research below. Regards, Sergg Details about VM-100 virtual hardware support VM-Series on Amazon Web Services Performance and Capacity Details about amount of the resources supported by VM license type from VM-Series for AWS Sizing Please note – VM-100 does only support 2 VCPU Details about AWS EC2 types Details about EC2 instances from https://aws.amazon.com/ec2/instance-types/ Please note xlarge instances provide 4 VCPU (while VM-100 can only consume 2 VCPU) M4 options: M5 options: Details about declared VM throughput From VM-Series on Amazon Web Services Performance and Capacity
... View more
08-13-2020
05:02 AM
I think i found an answer to one of my questions in Prisma Cloud Licensing and Editions Guide Serverless Defender licensed per millions of invocations: Serverless function config checks are not counted (no license consumption)
... View more
08-13-2020
03:56 AM
Hello Prisma Cloud Experts, I'm fairly new to CWPP and tried some native and free options and looking at commercial products now. VNETs, Traditional compute and private endpoints are not difficult to grasp, while the transition to serverless is slightly more complex. What parts of the Prisma Cloud product should the customer use when assessing Serverless Lambda security? Am I right understanding what with regards to AWS Serverless there are two modes - initial assessment (can be done without any modifications to Lambda) and continuous protection (requires some additional code to be added). What about checking IAM rules for security? Are there features in the Prisma Cloud adding additional value on the top of IAM Analizer? Is there a built-in code review for Lambda? Lastly, can you please confirm that all features from PureSec, Twistlock, Evident.io and the rest are fully integrated (or perhaps discontinued) - and the only place I should be reading/looking is documentation at https://docs.paloaltonetworks.com/prisma/prisma-cloud Perhaps there are too many questions for one post, and I should do my own research first. Just trying easy option asking experts first 😉 Regards, Serg
... View more
Labels:
- Labels:
-
Compute Edition
-
Prisma Cloud
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
