Our PAN SE keeps recommending to me to follow the recommended deployment guide but I'm having a hard time accepting this recommendation especially after watching this video. As a result, I just have more issues/questions/concerns. For example, outbound traffic is showing in traffic log on the same "from" and "to" zone. That defeats the whole purpose of using zones! Also, why are there IGW's in the App VPC's? Shouldn't there only be one IGW in the VPC that the PAN's resides in?
The recommendation from Palo is to override the default allow intrazone policy with a deny but you created an allow-all rule that allows everything- not sure why.
Thanks for this video. Is it possible to synchronise configurations in such architecture with two VM-Series? If yes can you share a link which shows that?
Target group for the firewall comes up as unhealthy as you're not putting eth1/1 layer3 interface in a security zone. Also the CIDR for the security subnet needs to be added as an authorized IP for the interface management profile
If the ethernet 1/1 interface does not have any zone settings, it is confirmed that the healthcheck packet is dropped even though there is an allow-all policy. So, I created an additional zone and applied the ethernet1/1 interface, and then the unhealthy > healthy state.
@@정무현-v4y Thanks I hope I saw this earlier. I called Palo Alto support and spent 2 hours to find the same thing you mentioned. She missed that from the beginning. At 33:41, the ethernet1/1 is in zone gwlb-zone.
There's some good information here, but the narrator is going waaaay too fast, skips over some critical information, and makes a few showstopper mistakes if one copies what is going onscreen. There are some critical concepts that are glossed over in the narrator's race to the finish, leaving people trying to learn scratching their heads. There are some issues with the firewall configuration, as well as issues with some of the core setup such as subnets created. She also zooms past setting up the routes correctly in the security VPC for the GWLB endpoints. This could have been a very good video but it seems like this was done hastily. Please slow down and take more time going over each step.
A nice explanation of GWLB and integration with PAN firewall, thanks for posting.
good one. i have been waiting for this. Thank you
Wow super great . Thanks a lot mama
Our PAN SE keeps recommending to me to follow the recommended deployment guide but I'm having a hard time accepting this recommendation especially after watching this video. As a result, I just have more issues/questions/concerns. For example, outbound traffic is showing in traffic log on the same "from" and "to" zone. That defeats the whole purpose of using zones!
Also, why are there IGW's in the App VPC's? Shouldn't there only be one IGW in the VPC that the PAN's resides in?
The recommendation from Palo is to override the default allow intrazone policy with a deny but you created an allow-all rule that allows everything- not sure why.
is there any step by step guide from PANOS ? that refers this lab setup ?pls share the link. Appreciated the excellent tutorial.
Why we created 2 Transit Gateway, cant we create single transit gateway and share via resource share option?
Hello, what routes you have configured in your virtual router?
Thanks for this video. Is it possible to synchronise configurations in such architecture with two VM-Series? If yes can you share a link which shows that?
Lots of points - like Firewall routes (VR) and Security Hub routes details, Not covered.
Target group for the firewall comes up as unhealthy as you're not putting eth1/1 layer3 interface in a security zone. Also the CIDR for the security subnet needs to be added as an authorized IP for the interface management profile
If the ethernet 1/1 interface does not have any zone settings, it is confirmed that the healthcheck packet is dropped even though there is an allow-all policy.
So, I created an additional zone and applied the ethernet1/1 interface, and then the unhealthy > healthy state.
@@정무현-v4y Thanks I hope I saw this earlier. I called Palo Alto support and spent 2 hours to find the same thing you mentioned. She missed that from the beginning. At 33:41, the ethernet1/1 is in zone gwlb-zone.
There's some good information here, but the narrator is going waaaay too fast, skips over some critical information, and makes a few showstopper mistakes if one copies what is going onscreen. There are some critical concepts that are glossed over in the narrator's race to the finish, leaving people trying to learn scratching their heads. There are some issues with the firewall configuration, as well as issues with some of the core setup such as subnets created. She also zooms past setting up the routes correctly in the security VPC for the GWLB endpoints. This could have been a very good video but it seems like this was done hastily. Please slow down and take more time going over each step.
True
38:58 you static IP changed !! how can a static IP changes ? is it because an issue you were facing during the setup or anything else.