Thanks for posting, man, but you speak in a very low tone sometimes. It was hard to hear you, but in all it is great.
Great video!!! I heard that Palo will have some AWS Lambda functions to remove and attach the interfaces to the respective active firewall? Can you also talk about setting up a Palo firewall to control traffic between 2 different VPCs?
Thanks. Will prepare and post a video on controlling traffic between VPCs soon.
Please watch the video on routing traffic between VPCs via a PAN firewall and routing internet traffic from one VPC through a PAN firewall in another VPC.
ua-cam.com/video/-OfxiNTHUtI/v-deo.html
Hi, nice one. But "The HA peers must be deployed in the same AWS availability zone": any thoughts/video on multi-zone? For any production setup we need a minimum of 2 zones.
HA is not supported on multiple zones. Both primary and secondary peers must be in the same availability zone, as the IP addresses used by the HA interfaces need to be in the same broadcast domain (subnet), and a subnet in one zone cannot be used in another zone. You can deploy and use a transit gateway or transit VPC method where you have two individual firewalls in two different zones and build BGP over IPsec tunnels to a VGW in the VPC where you have your server infra, and decide which firewall to route traffic to using the BGP AS path prepend technique. That way, when the active firewall goes down, BGP route failover will happen and traffic will pass through the other firewall.
@networkers5037 OK, thanks. I think AWS now has Gateway Load Balancer, which solves/avoids using IPsec tunnels or most of this, and we can now have active/active, very simplified. I am very new to this. Also, hardly anyone has done a video, only one but just theory. Looks like you are an expert, you should try one.
@niteenkole8582 Yeah, they have come up with Gateway Load Balancer. Will make a video soon.
@networkers5037 Please attach the notepad document, that's very clear, so that we can use it stepwise to implement. I am currently looking forward to implementing this; it will be a great help if you give that notepad ASAP. How do I contact you immediately, please?
I launched the firewall but EC2 does not get a public IP or Elastic IP address. Any specific settings for that?
Hi,
I followed the lab step by step, but I don't have the same result. After the failover the interfaces do not move and stay on the passive FW. Did you face the same behaviour?
Thank you for the help.
OMG, how low you speak? Can't hear, but I want this. Can you share if you have steps written? Hearing in this video is a challenge.
Can you give the IAM role script?
Please attach the notepad document, that's very clear, so that we can use it stepwise to implement @networkers5037