Palo Alto Training | Panorama Device Groups
ฝัง
- เผยแพร่เมื่อ 5 ต.ค. 2024
- In answer to my recent community poll (thank you to everybody that voted) this video shows the use cases and how to configure Palo Alto Panorama Device Groups.
Device Groups are used to logically group firewalls into Locations, Functions or simply for convenience sake, aggregating and standardizing policies and objects across multiple firewalls.
#paloaltonetworks #paloaltofirewall #paloaltofirewalltraining #paloalto #firewall #panorama
![[LIVE] : ONE ลุมพินี 82 วันนี้!! คู่เอก | ยอดไอคิว vs อับดัลลาห์](http://i.ytimg.com/vi/hSsyTl_9bqs/mqdefault.jpg)
Thank you for taking the time to make this video. It was easy to follow and understand the concepts.
Thank you very much for watching!
One of the best video on DG
Thank you very much, I am glad that you found it helpful and I massively appreciate the comment!
great content, very informative, thanks!
Thank you very much for watching!
Nice video! Great info and details. Cheers
Thank you very much for watching!
Well explained. Thank you.
Thank you very much for watching!
Question regarding your process at about 25:00. What if you used a variable in the reference template of the device group on the interface and then targeted any device using the variable? Would it use the correct IP for the specific firewall if you overwrite the variable in the template stack for that specific device like you show later in the video? Or would it use whatever the value is in the reference template?
Hi,
Reference templates are primarily used to reference the objects contained within them when writing policies. This is helpful as it populates the dropdown options. It's important to note that interfaces on the device don't really come into play here because the firewalls are zone-driven. The value seen in the reference template has no bearing on the value displayed in the template stack. The displayed value will initially be the variable as defined when you created it, and then it will change to the overridden value once you have updated it to the value you require, and then that overridden value will be pushed to the firewall.
Hope this helps and thank you for watching!
Can you tell me if I see any action allow in logs but session end reason is aged out and application is incomplete , received bytes is 0 what need to check ..?
Hi Syed, that is definitely getting no reply, of course if the traffic is UDP you would expect the aged-out but TCP should not be, I would look at routing, make sure that you are sending the traffic where it is supposed to go, for any external traffic (to the internet) make sure you have a NAT rule to cover that traffic so it knows how to reply, PBF can sometimes get in the way without us realising as it takes precedence over routing table or static routes, application incomplete is because you are getting no reply, you need around three or five packets to detect the application.
Hope this helps.
Thanks for watching!
Thank you so much I watch your video and learnt a lot. Keep the good work going 😊