This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
About Mushussu
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Announcements
We are conducting regularly scheduled maintenance over the weekend, which could cause some downtime on LIVEcommunity. We apologize for any inconvenience.
- LIVEcommunity
- About Mushussu
05-30-2022
3Posts
0Likes
0Solutions
May 30, 2022Last Visited
User
Activity
User
Profile
Latest posts by Mushussu
| Subject | Views | Posted |
|---|---|---|
| 297 | 05-18-2022 01:33 AM | |
| 386 | 05-17-2022 02:45 PM | |
| 890 | 09-09-2021 09:57 AM |
User Badges
Community Statistics
| Member Since | 09-09-2021 06:46 AM |
| Date Last Visited | 05-30-2022 07:39 AM |
| Posts | 3 |
05-18-2022
01:33 AM
Thanks @rmfalconer that seems to have done the trick. @Astardzhiev advertising a public NAT range is exactly what I'm trying to do and many thanks for the explanation as to why it needs to be done this way for such cases.
... View more
05-17-2022
02:45 PM
Hi all, i'm not having much joy getting this working. I have created a static route for a subnet which I am trying to advertise to an eBGP peer. I then created a redistribution profile with only static enabled I then added that profile under bgp Redist Rules. The BGP peering is definitely established and I am able to redistribute a Connected route no problem. I tried it with and without export rules and that made no difference. I tried all the steps in this page https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNt2CAG I've been beating away at it all day and have ran out of ideas. Any thoughts on what I might be missing?
... View more
09-09-2021
09:57 AM
Hi all, This is my first post on this forum. I am also a brand new Palo Alto customer and we just purchased a pair of 3220 firewalls. As the subject says my question revolves around HA as I would like to start putting together a plan for design and deployment. My question is probably really stupid but I just want a bit of clarification on how an active/passive deployment works, as opposed to active/active. After reading around i can see that active/passive is the favoured option, even by Palo Alto. Having read this documentation: https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/10-1/pan-os-admin/pan-os-admin.pdf where it says: Active/Passive— One firewall actively manages traffic while the other is synchronized and ready to transition to the active state, should a failure occur I'm a little unsure what this means, does that mean that no traffic will pass through the passive firewall? Or, will both firewalls process traffic but only the active firewall "manages" the traffic with policies? To add a little context, we have 2 connections out to the internet each of which is being protected by it's own firewall. Both connections are to the same ISP. In our current setup the two firewalls are managed independently and have their own policies. Where i want to be however when we replace our existing firewalls with our new Palo Alto's is to cluster the two devices, i.e. the same policies replicated across both firewalls. But obviously i don't want to end up in a situation where we have an internet connection with zero traffic utilization where the passive device will be, and it only gets utilized when the primary active firewall fails. The connection between the two firewalls internally are all L3. I was informed by our PA partner SE that in order to achieve active/passive I will need to convert our L3 internal WAN links to L2. I am not too keen on doing that unless i absolutely need to. It was also suggested to look at investing in Panorama to overcome the issue of managing and replicating both firewalls centrally - but according Palo Alto this product only becomes useful for managing 6 appliances or more, so not sure if this solution might be a little overkill for us. From what i've been reading active/active is only beneficial for when you have asymmetric routing, which we don't have. If anyone can advise i would be grateful and sorry again for my questions... Palo Alto is new to me and this would also be my first time configuring HA for firewalls. thanks
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-30-2022
07:39 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks