This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About kpotru
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About kpotru
11-15-2018
14Posts
2Likes
0Solutions
Nov 15, 2018Last Visited
User
Activity
User
Profile
Latest posts by kpotru
| Subject | Views | Posted |
|---|---|---|
| 1758 | 07-13-2018 06:38 AM | |
| 2023 | 03-13-2018 10:15 AM | |
| 2026 | 03-13-2018 10:10 AM | |
| 2035 | 03-13-2018 08:41 AM | |
| 1716 | 03-12-2018 11:59 AM | |
| 1739 | 03-08-2018 01:10 PM | |
| 3008 | 03-07-2018 12:22 PM | |
| 1547 | 03-05-2018 11:49 AM | |
| 1560 | 03-05-2018 08:00 AM | |
| 1164 | 03-05-2018 07:25 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 2 Likes | 07-13-2018 06:38 AM |
User Badges
Community Statistics
| Member Since | 10-23-2017 02:59 PM |
| Date Last Visited | 11-15-2018 10:59 AM |
| Posts | 14 |
| Total Likes Received | 2 |
07-13-2018
06:38 AM
2 Kudos
Hi Guys my customer is in the heat of battle with policy and NAT review, but I wanted to toss something out there regarding the advertising/redistribution of the NAT space. There’s some discussion on how to advertise the NATs (aka non-connected or routes not in local table), and I want to make sure we have a consensus. Adding static routes versus using a redistribution rule? It was discussed that we would need to add static routes for all the NATs, and set the next hop to whatever the “real” address uses. As we are advertising statics, this would send the routes downstream. Although I’m curious what that would do to the local route table, as the NAT IPs themselves are not technically “next-hop” routed. I’ve never, personally, added static addresses for the NAT IPs, so I don’t have experience with this…which is why I ask the questions. J Is there a reason we wouldn’t just add the NAT addresses/subnets/whatever as an entry in the redistribution rules? Aggregating where we can, or using host routes. https://live.paloaltonetworks.com/t5/Configuration-Articles/BGP-Redistribution-Rules-to-Explicitly-Advertise-Host-Routes-and/ta-p/63123 Conceptually I had this idea, just didn’t know what “button to push”. Customer need to advertise non-connected address space used by the NATs. So I’m curious what the best practice would be. Thanks in Advance.
... View more
03-13-2018
10:15 AM
Well lto be honest I don't have a clear idea about that it's from the customer he just want's to know if he can have those limitations.
... View more
03-13-2018
08:41 AM
For G-site rollout effort,is there a way to write Qos policies so they apply per client IP flow when they are communicating to google IP address? A way to give rate limiting per client IP(thousands of clients) for google destination IP? The keyword is per client, so everyone has the same limited bandwidth. Each client IP has 165kbp's 'allocated' and they are limited to that speed....
... View more
03-12-2018
11:59 AM
Well thanks for the response. So customer is basically requesting for a Global protect Portal best methodology.
... View more
03-08-2018
01:10 PM
Hi does any one any documentation for the portal where can we use same portal for global protect and User-ID or documentation fro best methodology for the setup.
... View more
03-07-2018
12:22 PM
My requestors wants to perform Vulnerability scanning on the Palo Alto firewall devices and they want to whitelist the Qualys devices residing on ON-Prem. So my question is do i need to create security rule or make modifications to vunerability or allow those scanners on the management interface? They provided me the scanner IP's that they wan to whitelist.
... View more
03-05-2018
11:49 AM
So had the solution for this basically it's the wrong message they sent us they were trying to setup DaaS and they want to know if they have device group named DG-DaaS under the device group DG-AWS_DQA which already exists.
... View more
03-05-2018
08:00 AM
Is it possible to use DG layering to solve DaaS Zone issue?? 1. Can we create a DG-DaaS whose parent will be ‘DG-AWS_DQA’. 2. Assign Seattle DQT firewall to DG-AWS_DQA 3. Assign Ashburn n future Chicago to DG-DaaS (since it has DG-AWS_DQA as parent, it will have both DaaS and DQT rules attached) Not sure if this will work or I’m missing basic configuration that needs to be taken care of. any ideas?
... View more
03-05-2018
07:25 AM
Is it possible to use DG layering to solve DaaS Zone issue?? 1. Can we create a DG-DaaS whose parent will be ‘DG-AWS_DQA’. 2. Assign Seattle DQT firewall to DG-AWS_DQA 3. Assign Ashburn n future Chicago to DG-DaaS (since it has DG-AWS_DQA as parent, it will have both DaaS and DQT rules attached) Not sure if this will work or I’m missing basic configuration that needs to be taken care of. any ideas?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-15-2018
10:59 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks