Cerner's back.. Praise God. 🤣Aww. we love ya brotha. We've all been there! Btw, loving that print over the left shoulder, surely brings peace and solace.
Yeah, even though I know it will come back up, I still get nervous bringing it down because of that little seed of doubt that lives in my brain. I pray a lot before this type of work. God bless!
Grace and Peace 2 U on this Sunday morning from sunny NC! Thank you very much for this video! I'd love to see the follow up on this issue! This test was very interesting. It's always frustrating when a test fails but we tend to learn things from failure so that the next time it's easier, as followers of Jesus, we well know that!😊I always enjoy your videos where you show us your day 2 day! and also look forward to some more aviation videos! I'm obsessed with with all things aviation as well as tech!😆 Well brother, you be well, be safe and God Bless!
I'll definitely do a followup video that shows a before and after of the v-wire config removal. Followed by another firewall failover test. Which will be successful! God bless!
Sounds like a good plan to move the cerner directly to the firewall. There are good use cases for vwire when you can't move the device to their own subnet, but in this case it should be a pretty simple task.
Almost simple enough that I think I could do it. Though I'm telling management it's very complex. Kind of true. Having one vendor do the switch configs while another vendor does the firewall configs rather than having one network admin doing both seems prudent. And better for my heart and blood pressure.. God bless!
I've been working on Paloalto for 8 years and working for paloalto for 4 years.. I typically drop 1 ping on a failover. If its more then that something is not done correctly in your stack.
The vwire was initially set up when we had a different switching architecture. Now we're trying to fit a square peg into a round hole. We are going to ditch the vwire and move the L3 address of the subnet the vwire is on, to the firewall itself. Sometimes we don't even drop one ping on the other interfaces when we fail over. God bless!
Yes, the title was a little click-baity. It was a useful exercise that didn't provide the desired outcome. This isn't over. Thank you, happy Holy Week to you and enjoy Resurrection Day! God bless!
I think you are asking about Flex-UNI maybe? No, we manually mapped and tagged each of the needed VLANS on the switch ports the firewalls connect to. This was an Extreme Networks design decision. Probably because it was easier for me to understand. God bless!
Salam alikoum akhi how is going your life you are a good man can I ask a question so if I have ccna nse4 this is let me to work as a network administrator entry level and how much I can gain money thank you
Mightve been better to screen record while you were recording with camera and stitch together during editing but understandably there's probably sensitive data there so I can see why you didn't if that's the case
In the video I said I'd like to show people a better view of what was going on but I just didn't want to show the Internet the inner workings of my firewall. God bless!
There are two HA connections between the firewalls and then a heartbeat connection. So we have three connection between the two firewall. If a firewall doesn't respond to heartbeats on one of the HA connectoins it will fail over. One of those HA connections is firewall state and session info so that we can have our wonderful hitless failovers. We can also monitor the network interfaces into the firewall. If a critical interface goes down (like the inside, outside, WAN, or DMZ connection) the firewall will also fail over. Hope that clears it up. God bless!
@@NetworkAdminLife I don't think any of those three could trigger a failover for the cerna connection, if I recall from one of you other videos, you a passing through the firewall with that connection, so it would be transparent to the firewall. in a nutshell the firewall can't hand it over as it isn't actually handling it.
Thank you for everything.
You're welcome. God bless.
Lunch is on me my friend. God bless.
Totally not necessary but I appreciate the generosity. The good person out of the good treasure of his heart produces good. Luke 6:45.
God bless!
Cerner's back.. Praise God. 🤣Aww. we love ya brotha. We've all been there! Btw, loving that print over the left shoulder, surely brings peace and solace.
Yeah, even though I know it will come back up, I still get nervous bringing it down because of that little seed of doubt that lives in my brain. I pray a lot before this type of work. God bless!
Grace and Peace 2 U on this Sunday morning from sunny NC! Thank you very much for this video! I'd love to see the follow up on this issue! This test was very interesting. It's always frustrating when a test fails but we tend to learn things from failure so that the next time it's easier, as followers of Jesus, we well know that!😊I always enjoy your videos where you show us your day 2 day! and also look forward to some more aviation videos! I'm obsessed with with all things aviation as well as tech!😆 Well brother, you be well, be safe and God Bless!
I'll definitely do a followup video that shows a before and after of the v-wire config removal. Followed by another firewall failover test. Which will be successful! God bless!
@@NetworkAdminLife Thank You!!
sorry the test failure but glad to hear you already have contingency for what to do next...all the best, God bless
Absolutely and I'll be bringing you all along for the next phase of this adventure. God bless!
Sounds like a good plan to move the cerner directly to the firewall. There are good use cases for vwire when you can't move the device to their own subnet, but in this case it should be a pretty simple task.
Almost simple enough that I think I could do it. Though I'm telling management it's very complex. Kind of true. Having one vendor do the switch configs while another vendor does the firewall configs rather than having one network admin doing both seems prudent. And better for my heart and blood pressure.. God bless!
Love the Motorola radio on the desk :) Good video !
Those are my lifeline to the hospital engineering group! God bless!
Thank you sir. Regards from Belgrade Serbia 🇷🇸✝️
You're welcome. God bless.
Keep us updated! Curious to see if the problem is fixed after moving to a layer 3 interface instead of a vwire
Will do. We ALL want closure on this problem. God bless!
I've been working on Paloalto for 8 years and working for paloalto for 4 years.. I typically drop 1 ping on a failover. If its more then that something is not done correctly in your stack.
The vwire was initially set up when we had a different switching architecture. Now we're trying to fit a square peg into a round hole. We are going to ditch the vwire and move the L3 address of the subnet the vwire is on, to the firewall itself. Sometimes we don't even drop one ping on the other interfaces when we fail over. God bless!
It didn't work but it isn't a failure if you learned one more way to configure it where it doesn't work. Happy Palm Sunday!
Yes, the title was a little click-baity. It was a useful exercise that didn't provide the desired outcome. This isn't over. Thank you, happy Holy Week to you and enjoy Resurrection Day! God bless!
Hi did you try to use the T-UNI feature between those palo and the fabric?
I think you are asking about Flex-UNI maybe? No, we manually mapped and tagged each of the needed VLANS on the switch ports the firewalls connect to. This was an Extreme Networks design decision. Probably because it was easier for me to understand. God bless!
great faliure... at least you now know whats not behaving itself so i guess a success too! 😊
I suppose that is the best way to look at it. God bless!
Salam alikoum akhi how is going your life you are a good man can I ask a question so if I have ccna nse4 this is let me to work as a network administrator entry level and how much I can gain money thank you
It depends on the employer but a CCNA is a good solid start. ليعتني بك الرب دائما
@@NetworkAdminLife thank you mister appreciate it akhi 💪
Hey Network Admin life. It's been a while. I would look into chaos engineering online so you can do a calm firewall failover.
Ha! Until we get this situation ironed out I don't think there is any such thing as a calm firewall failover for me. LOL! God bless!
Mightve been better to screen record while you were recording with camera and stitch together during editing but understandably there's probably sensitive data there so I can see why you didn't if that's the case
In the video I said I'd like to show people a better view of what was going on but I just didn't want to show the Internet the inner workings of my firewall. God bless!
what triggers the failover? is it port based, path based, or ping based?
There are two HA connections between the firewalls and then a heartbeat connection. So we have three connection between the two firewall. If a firewall doesn't respond to heartbeats on one of the HA connectoins it will fail over. One of those HA connections is firewall state and session info so that we can have our wonderful hitless failovers. We can also monitor the network interfaces into the firewall. If a critical interface goes down (like the inside, outside, WAN, or DMZ connection) the firewall will also fail over. Hope that clears it up. God bless!
@@NetworkAdminLife I don't think any of those three could trigger a failover for the cerna connection, if I recall from one of you other videos, you a passing through the firewall with that connection, so it would be transparent to the firewall. in a nutshell the firewall can't hand it over as it isn't actually handling it.
Nice, a successful failure.
Indeed! That is exactly the tl;dr version. God bless!