AWS Transit VPC GitHub Solution Question #2 - Access Denied
Has anyone encounted an access denied error for the cloudTrailLambda getting to the Transit VPC S3 bucket?
Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.
Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.
Has anyone encounted an access denied error for the cloudTrailLambda getting to the Transit VPC S3 bucket?
Hi All,
Anyone encountered issue while deploying arm template from this link: "https://github.com/PaloAltoNetworks/Azure-interface-options"? i cannot seems to add it to my existing resource group using all the options. The error i have is as below.
According to the documentation, if you don't have an ELB sandwich then there is a one to one relationship between the firewall and the back end server. I spoke to support and the answer was the fact that you can only have one ENI attached per subnet.
...
Does any one know for the following solution (https://github.com/PaloAltoNetworks/aws-transit-vpc) if you are have a shared services account where the Transit devices are going if the initialize Transit CFN and the Subscriber CFN both have to be run
...
Good day! How'd you doing guys?
I've faced one situation about integrating user-id on AWS environment.
VM firewall's running on the AWS and newly created server, which is AD also running on the AWS too.
I've checked the both the VM firewall and the A
...
Hi All, im trying to spec up a resilient HA solution for the VM-300 series PAYG bundle 1 option within azure, and just need the following clarified:-
- if i were to purchase the VM-300 option 1 bundle (https://azuremarketplace.microsoft.com/en-us/mark
...
Cross posting from the github repo.
Is there a reason why stack names longer than 10 are not supported? What are the constraints that limit this number?
I have a customer who has stack names that are > 10
Hello,
Just curious if anyone has deployed a PAN on Googles platform and what your experience was.
Thanks in advance!
I have a support call scheduled for tomorrow but if anyone has any ideas about this that would be greatly appreciated.
I deployed the classic ELB template example successfully. My customer then took the firewall.template and integrated it into their
...
So I deployed this template exactly as described on the site. I kept all the default pre-populated settings where possible and used my own S3 buckets. Tried it both with and without nat gateways. This is with 3 AZ in us-east-1.
All the AWS artifacts
...
Hello,
I built the sandwich type with external ELB & internal ELB.
As you know, external ELB shifts original client IP to X-Forwarded-For.
I enabled 'Use X-Forwarded-For Header in User-ID and I looked XFF IP in user-id of URL Filtering logs.
But PA has
...
So frustrating! I have been trying to register with Palo Alto so I can be authorized to use my VM I set up in AWS. No one I have asked seems to know where I can get the following information to use my VM and see the PA portal. If anyone can tell me
...
Some basic cost based questions here from a newbie:
After deploying Bundle-1 of the PAYG VM-300 series from the Azure Marketplace:
- if I "stop" the instance, I won't get Azure compute charge BUT will Palo Alto continue to charge me for the license or
...
Folks,
We have provisioned a Palo Alto Firewall in one of the AWS VPC. This is essentially a single legged deployment and the function of this firewall will only be to act as a transit firewall.
This firewall will have VPN connectivity to the corporat
...
I've a private subnet in AWS that needs to be locked out from Internet access. But the instances in this private subnet need to access specific set of hosts (say update.java.com, update.ubuntu.com etc). Obviously the IP address associated with these
...