One of the challenges with managing any zone-based firewall on a large
scale is knowing which zone everything is in. We all know that the
network should be well documented, but we also know that routing tables
get unwieldy, and it's not uncommon when adding a firewall rule to be
wondering exactly which zone that source or destination is in.
There are three ways …

I've recently been working with a client on magically spinning up entire
environments in AWS. This means I've learned a fair bit about AWS on the
Without going into too much detail (as it's the client's work), we have
been bootstrapping Palo Alto firewalls. This lets you
stand up a fully configured Palo Alto firewall using a CloudFormation
script in …

Recently we deployed a Palo Alto VM-200 firewall. It was a stand-alone
deployment on a remote site. We were going to deploy a pair, but we
didn't see how much value it added as the VM-series firewalls do support
HA but not stateful HA.
As it was stand-alone, it wasn't managed by Panorama. And without
Panorama management, it is seemingly not very straightforward to enable …