How the IP will assigned to the dynamic group, is it after completing the session or is it after reaching the specified bandwidth limit. If a user started downloading 2G files and we set the bandwidth limit to 1G, then will he be assigned to the dynamic group after he reaches 1G or after he completes the session which is completing the 2G files
Hey its excellent video on Qos .. I implemented most of the times QOS in PA FW but here i learned new way.. Dynamic Auto Tagging base Qos... Thats something ueful....But here i have a query, as per your demo , after particular data size transfer it applies the tag and Qos policy gets applied.. but for how long time it will be apply there ? When that tag will get release ? Can we scheduled that tag time if traffic gets in particular time then only force to apply the Tag and remove it after particular time ? Is this available ? Dont you think this will be helpful in live scenarios ? Again thanks for this great video..
Sagar, Yes you can have the tag removed based on several conditions: 1.)In the LFP you can have a timeout on newly added tags (PAN-OS version specific) so IPs drop out of the BHogs group after 4 hours, for example. 2.)Based on any other log scenario, like when a user re-authenticates to an internal GP gateway, or like when the same source host accesses a specific destination system (a kronos timeclock). 3.)via the XML/REST API you can clear specific/all tags at any time.
It's really difficult to answer your question because what is difficult to you may not be for me or others. My advice is to download the study guide and determine your strengths and weaknesses. (www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnse-study-guide.pdf) There are self-study digital learning courses if you can't attend training and NetDevGroup (www.netdevgroup.com/online/courses/cybersecurity) offers inexpensive lab environments if you don't have access to a device to gain hands-on experience.
excellent video! would you please also guide how to limit per user or per session bandwidth using QoS? like i need to allocate 2Mbps for each user and since we 100s of users so creating separate policy for each user is not feasible. Thx
Limiting bandwidth on a per-user or per source-ip basis would be tough with PAN-OS as it exists today since Bandwidth limitations are based on 8 classes of traffic only. Other product types are capable of doing this with greater granularity of control, or your Palo Alto Networks Account Manager / SE can submit a feature request to have this capability added as a future enhancement to PAN-OS.
Love the coordination of colors (even if maybe accidental), the yellowish hue on one background and bluish hue on the other fit very nicely
How the IP will assigned to the dynamic group, is it after completing the session or is it after reaching the specified bandwidth limit. If a user started downloading 2G files and we set the bandwidth limit to 1G, then will he be assigned to the dynamic group after he reaches 1G or after he completes the session which is completing the 2G files
Amazing ... Very useful! Thanks so much
You're very welcome!
We encourage you to check out the LIVEcommunity page for more great information:
live.paloaltonetworks.com
I'm enjoying this so far (8:04) but I'm buffering the changing the tire analogy. Haven't dropped it yet. We will see :)
Awesome talk. Very informative.
Hey its excellent video on Qos .. I implemented most of the times QOS in PA FW but here i learned new way.. Dynamic Auto Tagging base Qos... Thats something ueful....But here i have a query, as per your demo , after particular data size transfer it applies the tag and Qos policy gets applied.. but for how long time it will be apply there ? When that tag will get release ? Can we scheduled that tag time if traffic gets in particular time then only force to apply the Tag and remove it after particular time ? Is this available ? Dont you think this will be helpful in live scenarios ?
Again thanks for this great video..
Sagar, Yes you can have the tag removed based on several conditions: 1.)In the LFP you can have a timeout on newly added tags (PAN-OS version specific) so IPs drop out of the BHogs group after 4 hours, for example. 2.)Based on any other log scenario, like when a user re-authenticates to an internal GP gateway, or like when the same source host accesses a specific destination system (a kronos timeclock). 3.)via the XML/REST API you can clear specific/all tags at any time.
Thank you for covering everything.. Very detailed and to the point. How difficult is the PCNSE Exam for 9.x?
It's really difficult to answer your question because what is difficult to you may not be for me or others. My advice is to download the study guide and determine your strengths and weaknesses. (www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnse-study-guide.pdf) There are self-study digital learning courses if you can't attend training and NetDevGroup (www.netdevgroup.com/online/courses/cybersecurity) offers inexpensive lab environments if you don't have access to a device to gain hands-on experience.
excellent video! would you please also guide how to limit per user or per session bandwidth using QoS? like i need to allocate 2Mbps for each user and since we 100s of users so creating separate policy for each user is not feasible. Thx
Limiting bandwidth on a per-user or per source-ip basis would be tough with PAN-OS as it exists today since Bandwidth limitations are based on 8 classes of traffic only. Other product types are capable of doing this with greater granularity of control, or your Palo Alto Networks Account Manager / SE can submit a feature request to have this capability added as a future enhancement to PAN-OS.
Excelente!
great....
Thanks for your comment Vivek!
Mega Byte not bit
i dont have access to view the .xml can anyone post it in the comments or pastebin