This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

About Dynam0

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Dynam0
‎02-22-2023
since ‎11-02-2021
L1 Bithead
User Activity
User Profile
User Badges
Community Statistics
Member Since ‎11-02-2021 04:32 PM
Date Last Visited ‎02-22-2023 09:23 PM
Posts 5

HA in Azure with Extra Zones

by in VM-Series in the Public Cloud
‎02-22-2023 02:45 PM
‎02-22-2023 02:45 PM
Hi all,   I've setup 2 VM series in HA in Azure for north-south traffic and it works well with the floating IP moving after a few minutes during failover. We want to add east west traffic flows with extra zones. Does the extra zones require the same interface configuration? 10.x.x.4/32 10.x.x.5/32 10.x.x.6/24   When adding an additional zone, is the best practice to join this zone to the Trust-VR and add the required routes?   Thanks in advance. ... View more

Re: HA Missing Operational Commands Tab

by in VM-Series in the Public Cloud
‎01-12-2022 06:41 PM
‎01-12-2022 06:41 PM
Thanks Dmaynard. I have upgraded to 10.0.8h8 and the tab is now there. ... View more

Re: 2 VM series HA Setup in Azure with ELB

by in General Topics
‎11-05-2021 08:30 AM
‎11-05-2021 08:30 AM
For the deployments I've overseen for my customers, most actually went with a dedicated deployment model (1 NGFW for egress, 1 for ingress). This is because Azure is VM-based, so spinning up a passive instance and actively shaping traffic to it does take time as noted, and no public cloud provider puts an SLA on their API calls. I've seen up to 40 minutes, before. Please see our technical documentation on this here.    The load balancer sandwich allows for horizontal scaling, if you need additional bandwidth/compute resources to scale up. For example, you could active/active an ingress pair for your requirement of "a firewall ready to move traffic during upgrades."   See our detailed template for this deployment here.   Basically you just need to add interface profiles to each untrust/trust interface allowing ping access for the health polling in Azure. Then you would write rules of 0.0.0.0/0 next hop out the untrust interface and the same for trust. In security policy you would specify which applications, users, IP addresses, etc are allowed to send what traffic where. The NAT should be handled by your external application load balancer.  ... View more

Re: Inbound Traffic to Azure Public Load Balancer

by in VM-Series in the Public Cloud
‎11-02-2021 04:39 PM
‎11-02-2021 04:39 PM
Hi Dashnet,   Do you have to change the static routes in the trust and untrust VR to point to the LB? Can you please share a screenshot of your PA NAT and security rules? The ELB only has a public IP which points and checks the untrust interface of the PA. I don't believe the ELB requires an internal IP which the PA NATs to. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎02-22-2023 09:23 PM
Latest Tags
No tags yet
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks