Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About mcronin
About mcronin
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
09-26-2019
08:39 AM
My current role is as a Network Architect and I am working with our security team to get some Palo Alto firewalls setup to provide GPVPN access and also IPSEC b2b connectivity. Our initial design has a single external public address to host the GPVPN traffic and the IPSEC b2b traffic and works ok. We are currently discussing the option of implementing a 2nd public address so that we can split the GPVPN and IPSEC b2b traffic on to separate interfaces which seems to make sense. We are also hearing from the security department that they would like to see each IPSEC b2b tunnel terminated on an individual public IP address which we are going to discuss. What are your thoughts on this Option 1 - Stay with a single public IP to terminate GPVPN and b2b IPSEC tunnels Option 2- Have a Public IP for GPVPN and a 2nd Public IP's for "ALL" b2b IPSEC tunnels Option 3 - Have a Public IP for GPVPN and multiple Public IP's - 1 for each IPSEC tunnel 20 tunnels - 20 public IP's 50 tunnels - 50 public IP's I am expecting a lot of people to come back with either option 1 or option 2 but I am interested to see if anyone thinks option 3 is a good idea.
... View more
09-03-2019
02:30 PM
This is purely theoretical and does not represent a real network. You can think of this as on prem or public cloud:- Monolithic This design utilizes 3 physical firewalls that are embedded in a data center fabric • Perimeter • B2B • DC The main focus of my question is on the DC firewall, as you can see segmentation is derived by using traditional zones. There are some people that like this design as its very simple and it has been used for years. Virtualization This design utilizes 3 physical firewalls that are embedded in a data center fabric • Perimeter • B2B • Virtualized (vfw’s) The main focus of my question is on the Virtualized firewall, as you can see segmentation is derived by creating virtualized firewalls that represent the Environment that we are trying to segment. There are some people that like this design as it provides greater audit capabilities on environments like PCI x and y - Can you provide a short paragraph on what your thoughts are – what do you see as the pro’s and con’s to each design. Which one is better for on prem? Which one is better for public cloud? Which one would provide better audit capabilities? Which one would provide better automation / orchestration capabilities? Which one is more agile ?
... View more
10-29-2019
2Posts
0Likes
0Solutions
Oct 29, 2019Last Visited
User
Activity
User
Profile
Latest posts by mcronin
| Subject | Views | Posted |
|---|---|---|
| 991 | 09-26-2019 08:39 AM | |
| 421 | 09-03-2019 02:30 PM |
User Badges
Public Statistics
| Date Registered | 11-11-2016 11:40 AM |
| Date Last Visited | 10-29-2019 02:39 PM |
| Total Messages Posted | 2 |
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-29-2019
02:39 PM
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
