This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About spetty01
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About spetty01
02-14-2018
2Posts
0Likes
0Solutions
Feb 14, 2018Last Visited
User
Activity
User
Profile
Latest posts by spetty01
| Subject | Views | Posted |
|---|---|---|
| 2043 | 12-18-2017 11:59 AM | |
| 2048 | 12-18-2017 09:33 AM |
User Badges
Community Statistics
| Member Since | 12-18-2017 09:18 AM |
| Date Last Visited | 02-14-2018 10:51 AM |
| Posts | 2 |
12-18-2017
11:59 AM
@niyengar wrote: Hello, In AWS the firewall needs to have an interface in the subnet for it to be able to see the traffic. One other solution is to use a Transit VPC. This will be a centralized VPC with firewalls and then other VPCS with variouis APPS connect to this VPC to send data out (outbound protection) and you can also achieve inter-VPC security. We are working on a fully automated solution and it should be relased in the next few weeks. @You can contact your SE and have them setup a meeting with folks here @ paloalto networks and we'll be happy to give you an overview. Great... sounds intriguing. I submitted a request online but haven't heard. Is there an easier way to identify the SE that would handle our account?
... View more
12-18-2017
09:33 AM
Very new to VM-300 and PA, deploying it in AWS with 2 availability zones. We'd like to have 3 private subnets in each AZ - DMZ, application, and data, as well as a public subnet for the EIP interface. Ideally all traffic between subnets would flow through the VM-300, but this doesn't seem possible to us without multiple NICs, one per subnet. Is that accurate? I'm trying to understand what best practices are with this architecture. Should we simply call public untrust and everything else trusted, and then just have one NIC in each, or is there a way that we can have all traffic between the subnets, or at least between the DMZ and others transit the VM-300? The limitation of course on NICs is cost - the instances with 8 network interfaces are prohibitively expensive for a firewall. Any suggestions would be appreciated.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-14-2018
10:51 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks