- 3
- 34 198
Cyberbulb
Приєднався 29 гру 2013
This is my Tech Channel, I created it to share my knowledge.
My Name is Islam Saeed. I am a Cyber Security Advisor with more than 10 years of experience. I am also Palo Alto Certified Trainer. I hold PCNSC, PCNSE, and PCNSA Certifications.
If you have suggestions or questions, you can reach me using my personal email:
islam.saeed1987@gmail.com
My Name is Islam Saeed. I am a Cyber Security Advisor with more than 10 years of experience. I am also Palo Alto Certified Trainer. I hold PCNSC, PCNSE, and PCNSA Certifications.
If you have suggestions or questions, you can reach me using my personal email:
islam.saeed1987@gmail.com
Palo Alto Networks IPsec VPN Troubleshooting
Troubleshooting ipsec vpn in Palo Alto Networks Firewall
Переглядів: 3 605
Відео
Palo Alto Networks Firewall - ISP Load balancing using ECMP
Переглядів 9 тис.2 роки тому
Through this video, you will learn the necessary steps to configure load balancing using ECMP "equal cost multi-path" and automatically detect link failures using path monitoring.
Configure Palo Alto Networks PANOS SDWAN
Переглядів 21 тис.2 роки тому
Through this video, you will learn how to configure paloalto panos sdwan. for a detailed guide refer to the following link: docs.paloaltonetworks.com/sd-wan/3-1/sd-wan-admin
Nice video and good explaination. Why do we have the sdwan.1 manual VIF since the Auto-VPN is creating sdwan.902? Can't it cause a conflict.
There's no one way to do it. You can use autovpn or manual SD-WAN. Also routing can be static or dynamic using bgp. But I prefer not to mix. If your wan topology is simple you can go for manual / static.
Fantastic explanation and demo. Bravo!
This also helped me with my configuration. Thank you very much.
Can you show me the Zones on the Panorama ?
If it is a green field it is better to create the following zones on panorama and use them zone-internet, zone-internal, zone-to-hub, and zone-to-branch
Creat the following zones on panorama: zone-internal zone-internet zone-to-hub zone-to-branch
Awesome! thanks
Is very helpful, thanks!!! Good lesson. 7:34
Why symmetric returns is important ?
if you have published services this option guarantees the return traffic is using the same internet link
keep it up
This helped me with my configuration. Thanks
Helpful video
thankyou , quick and very effective troubleshooting steps.
Very helpful!
No se agrego la politica de seguridad de LAN a las nuevas WAN.
Can we have Branch to Hub and also branch to branch ? also can we route an application through specific link ?
Yes, you can. Branch to branch is through hub or may be direct if you choose mesh instead of hub and spokes in vpn cluster config
Could you also show the virtual router configurations?
BGP configured using sdwan plugin auto configures virtual router. connected routes for branches are advertised using bgp. subnets added under hub "prefixes to redistribute" are reachable from branches through bgp routes as well. if you wish to use static routes, it will be another story to tell may be on my next video!
@@Cyberbulb got it I had issues with the loopback interface after fixing that the BGP was established I still have 1 more problem. Internet from zone-private to zone-internet does not work I do not see any hit counts on the nat policy which i have configured.
if you have mapped the zones use the original zones in the policy like from trust to untrust as an example also check static default route that sdwan automatically create on the firewall with metric 5 @@gouthamm.n2644
good
Thank you for your video. I have a bunch of branches and one hub. These branches are currently connected to the hub by IPSec tunnels, one for each branch. The tunnels are also part of the internal zone; therefore, we have L3-Trust (the internal network and tunnels) and L3-Untrust. If I want to use SD-WAN, should I define a third zone for tunnels? How should I map the zones?
create zone-to-hub and zone-to-branch and map L3-Trust with internal and L3-Untrust with internet
it was helpful, thanks.
Hello, Panorama is not necessary in order to implement SD-WAN, right?
it should work without panorama as its role is the automation of VPN tunnels configurations and better monitoring
Most everything you do with multiple PAN firewalls will use Panorama as the central point. Whether you HAVE to or not (which I honestly think you do), it's going to be a lot less of a migraine if you have at least a PA-VM on your network.
Much appreciated, May I know the difference between the above configuration and the CloudGenix ION device configurations from Prisma-SDWAN portal.
This is the sdwan integrated feature in paloalto ngfw. Cloudgenix is a dedicated sdwan solution.
@@Cyberbulb that is absolutely right. Lemme put my query in different way, what is the difference between the PANW's dedicated SDWAN (CloudGenix) methodology vs the PA-NGFW PANOS integrated SDWAN.
Thanks for sharing the video.
Please help with pcnse certification
This was a great and concise explanation of Strata SD-WAN and its initial setup and requirements. Thanks for the vid, I think you've earned another subscriber!
Good job 👍
Amazing!