my fortigate has v6.4.3 with HA and i want upgrade to 7.2.8, and of course there's some step upgrade to get 7.2.8. nah when upgrade to 6.4.5, is there downtime when upgrade per step and while swing traffic? how mant time rto?
@iqwindersingh89974 ай бұрын
Session will not eatablish since syn, syn-ack, ack will not be formed. Firewall 1 would expect the return traffic but the return traffic is coming on fw 3. So session will not bw formed. It wont work
@ee071684 ай бұрын
Dear Singh, first of all I really appreciate for your feedback, Firewall 1 will do the SNAT, therefore the return traffic will come from firewall 1, I hope I have clear your confusion, incase if still it is not clear please do let me know I will explain you further
@iqwindersingh89974 ай бұрын
It will be assymetric traffic
@itsQuark5 ай бұрын
Well done sajid
@CyberTronics5 ай бұрын
very well drawn diagrams, i appreciate the time spent on how neat they are.
@santhujathan36975 ай бұрын
If firewall with HA configured can we upgrade firmware from centralized manager also if we do both device will reboot same time ?
@VulgarAmbassador6 ай бұрын
Hands down the best explanation for PA NVA Firewall Design in Azure.
@cciecloud7 ай бұрын
شکریہ بھائی
@vaibhavsaxena07868 ай бұрын
Both given link not working
@zizolibob10 ай бұрын
Is it the process while downgrading please?
@ee0716810 ай бұрын
the process process needs to follow for downgrade
@user-wv1pm5ux8r Жыл бұрын
very informative
@ee07168 Жыл бұрын
thank you
@user-fh9su5eq7e Жыл бұрын
Great explanation. You should have more videos about the other design model in the guide.
@knowledgebuddyab87 Жыл бұрын
How about the outbound internet traffic? Can we route outbound internet traffic from multiple firewalls using outbound load balancers? That way it will always have same outbound public ip address.
@knowledgebuddyab87 Жыл бұрын
hi, do you provide consultancy services? if yes, how do we reach out to you?
49:55 , what if internal wants to go to internet, here you didn't specify the default to internet
@ee07168 Жыл бұрын
In that case you need to define User define route
@jacktuten4326 Жыл бұрын
Fantastic explanation, thank you!
@ee07168 Жыл бұрын
thank you Jack
@fedipeac Жыл бұрын
Hi..., I have two Fortinet 100F in an A-P cluster, with firmware v6.4.5 and I want to upgrade to v7.2.4. From what I can see in the GUI, the upgrade roadmap involves 4 intermediate versions, to then get to 7.2.4. My query would be then..., (defining the same Priority for each node and disabling the Override, as you recommend), could I start the upgrade without major considerations and without affecting the user sessions? And on the other hand, the updates would be progressive, that is to say, first, the whole process of updating to 7.2.4, of a node and then the other ..., or each node would be updated, alternatively, to each intermediate version of the roadmap? Thank you very much for your time
@ee07168 Жыл бұрын
Hi, if both priorities are set the same then the cluster will not do the second failover after upgrading the old master
@ganbupati6689 Жыл бұрын
You are not answering the questions that is why the students are confused. For example You did not clearly explain the meaning and intention of the availability zone - which is zone of one or more data centres
@ee07168 Жыл бұрын
An Availability Zone is a physically separate zone, within an Azure region. There are three Availability Zones per supported Azure region. for more details learn.microsoft.com/en-us/azure/virtual-machines/availability
@StasKlev Жыл бұрын
A very thorough explanations, thank you for your work!
@ee07168 Жыл бұрын
Glad you enjoyed it!
@adsalhi1 Жыл бұрын
Very well explained. Thank you so much
@ee07168 Жыл бұрын
thanks for appreciation
@deepakkatote1855 Жыл бұрын
Very well explained thank you it helped me in my new project
@ee07168 Жыл бұрын
thank you for your kind words
@arghabhattacharya1995 Жыл бұрын
Hello I have a question related to this .. Let's say we 2 NVA ( Palo Alto vm-300) in HA ( active passive) & I have 2 VMS as web servers Questions -- - I want to route both inbound and outbound (internet) traffic of web servers via NVA ... How should I do it ?? Should I have a internal azure lb >> add webservers as backend members to lb >> create a vip && point it towards the trust interface of NVA - Palo Alto ?? && For VMS have a UDR & default route towards the lb ??? What will happen if a failover happens at NVA - Palo Alto , how the traffic switch will happen in this case ??
@ee07168 Жыл бұрын
Palo alto doest not support Unicase HA in azure , you need to deploy palo alto which have API script for failover
@arghabhattacharya1995 Жыл бұрын
@@ee07168 I am deploying palo vm-300 series vNVA on azure from marketplace.. & it does have native support for failover of fw etc... Using native API
@cyber-security-women-courses Жыл бұрын
kzbin.info/door/9zVmz9afR7wIfE_xLPbwCg
@jatnvirk Жыл бұрын
Very well explained Thanks !
@shaikhrizwan64672 жыл бұрын
THANKS DEAR VERY HELPFUL VIDEO
@ee07168 Жыл бұрын
Thanks for liking
@nektosan2 жыл бұрын
I see you opened two web-interfaces with different IP-addresses. The second is the web-interface of slave-unit or Forti-manager? Cos in our HA-cluster slave-unit get same IP as master, so I don`t understand what did you check when pinging. Or yours HA mode is Active/Active?..
@checkpointerXL2 жыл бұрын
Under HA you can configure Management IP for the specific device
@ee071682 жыл бұрын
Slave unit
@mujeebhussain7652 жыл бұрын
hello sir i dont have any demo license and i want to apply for 30 days free trial license could you help me
@brurytangkere48742 жыл бұрын
So, just upgrade the master then the second fortigate will upgrade also ?
@ee071682 жыл бұрын
yes
@EyeIn_The_Sky2 жыл бұрын
How about the UDR setup that needs to be done to forward traffic from all protected subnets to the FW and out to the internet? It is difficult to do as there are load balancers involved both internal and external...
@EyeIn_The_Sky2 жыл бұрын
Asalaumalkum, BarakAllah feek for this excellent teaching of knowledge. The template seems to have been deprecated and I get pointed to an "updated version" but that updated version is a template for ELB & ILB which I don't want. I tried searching using the URL in your video but that does not exist anymore it seems :(
@ee071682 жыл бұрын
kindly let me know which type of template you are looking for you can send me on wats app the details 00974-33703804
@firewalllife2 жыл бұрын
Thanks for the great explanation. I have recorded Azure advance routing scenarios with respect to Azure PaloAlto deployment. kzbin.info/www/bejne/hpfPf32rmqeFoZI
@srinibasbarik72582 жыл бұрын
Excellent video, I have a query for Where to get the license to practice a Lab.
@ee071682 жыл бұрын
You need a paid account for Azure
@sportsboy59352 жыл бұрын
you explained the difficult concept in deadly easy manner. Fabulous, Great job.
@ee07168 Жыл бұрын
thank you
@ShaileshYadav__2 жыл бұрын
Well explained! thanks much. Please bring more topics.
@leomacron48822 жыл бұрын
Active/Active cannot be deployed Azure or other public clouds as per Palo docs.
@ee071682 жыл бұрын
active/Active does not mean same like physical you can deploy two Palo alto firewall Behind Load Balancer and it will work same as active/Active. Kindly check the Transit VNet design document
@leomacron48822 жыл бұрын
@@ee07168 Thanks for the clarification. Please keep uploading such awesome videos.
@prasadpolavarapu38822 жыл бұрын
@@ee07168 Looks like you are providing training on Azure Advanced Networking. May I know how to connect with you(email or whatsapp).
We have deployed Active passive using loadbalancer but when failover occur ip address of firewall don't switch and now VIP as well as static routes are getting sync . We are not able to access SSL VPN and IpSec tunnel due to this . Anyone has deployed it
@Sumit-rr7db2 жыл бұрын
nicely explained, but problem is Audio issue, Please fix that because withought proper Video/Audio even good content could not appreciated. Thank you
@Leokev1232 жыл бұрын
Will there downtime when upgrading HA ?
@Anuradha5062 жыл бұрын
No.During thePrimary firewall upgrade, it will move all sessions to secondary
@jaymi9032 жыл бұрын
Great explanation I am just confused about how this is configured in terms of availability sets , are you able to explain ?
@abarnajayabal54532 жыл бұрын
superb explanation sir
@ee071682 жыл бұрын
Thanks for appreciation
@saulvilcavillena13242 жыл бұрын
someone deploy two firewall in HA in different regions?
@ee071682 жыл бұрын
yes you can deploy in different Availablity Zone template is available in Github
@ricardomateus81962 жыл бұрын
Excellent work. the number 9 is repeated. Will you make video 10 available?
@ee071682 жыл бұрын
Thanks for appreciation Ricardo
@s4rabats4maroc262 жыл бұрын
Great training
@StevenEijzermans2 жыл бұрын
How many VR per firewall? With back and frontend LB how do you do the check of FW from LB?
@muhammadomairsiddiqui78782 жыл бұрын
Very useful
@josearmandotorres31183 жыл бұрын
By default , the networks adapter come without Azure Accelerate Networking enable, Any issue if I want to do this change in the Azure
@josearmandotorres31183 жыл бұрын
I have a issue, with my Fortigates deploy with SDN connector, when I want to do a HA test, reboot the master firewall an them look the traffic in the slave firewall but the Azure UDRs routing tables don't update, in the SDN connector each firewall is well configured. Can you help me?
@letscreatehealth3 жыл бұрын
Cleared many doubts.. thank you very much. Please upload F5 Lm