Configure Palo Alto Networks PANOS SDWAN

Рет қаралды 15,190

Жыл бұрын

Through this video, you will learn how to configure paloalto panos sdwan.
for a detailed guide refer to the following link:
docs.paloaltonetworks.com/sd-...

Пікірлер: 25

@Neur0bit 28 күн бұрын

Fantastic explanation and demo. Bravo!

@chris71mach1 Жыл бұрын

This was a great and concise explanation of Strata SD-WAN and its initial setup and requirements. Thanks for the vid, I think you've earned another subscriber!

@Black_Swan68761 Жыл бұрын

Thanks for sharing the video.

@henryhajj1248 Жыл бұрын

Amazing!

@mahmoudabomosalm1893 Жыл бұрын

Good job 👍

@MB_72282 3 ай бұрын

Awesome! thanks

@vijayyadav-pm5vv 9 ай бұрын

good

@mostafasafari8583 11 ай бұрын

Thank you for your video. I have a bunch of branches and one hub. These branches are currently connected to the hub by IPSec tunnels, one for each branch. The tunnels are also part of the internal zone; therefore, we have L3-Trust (the internal network and tunnels) and L3-Untrust. If I want to use SD-WAN, should I define a third zone for tunnels? How should I map the zones?

@Cyberbulb 11 ай бұрын

create zone-to-hub and zone-to-branch and map L3-Trust with internal and L3-Untrust with internet

@spm3365 Жыл бұрын

Much appreciated, May I know the difference between the above configuration and the CloudGenix ION device configurations from Prisma-SDWAN portal.

@Cyberbulb Жыл бұрын

This is the sdwan integrated feature in paloalto ngfw. Cloudgenix is a dedicated sdwan solution.

@spm3365 Жыл бұрын

@@Cyberbulb that is absolutely right. Lemme put my query in different way, what is the difference between the PANW's dedicated SDWAN (CloudGenix) methodology vs the PA-NGFW PANOS integrated SDWAN.

@aswin05 9 ай бұрын

Can we have Branch to Hub and also branch to branch ? also can we route an application through specific link ?

@Cyberbulb 9 ай бұрын

Yes, you can. Branch to branch is through hub or may be direct if you choose mesh instead of hub and spokes in vpn cluster config

@gouthamm.n2644 9 ай бұрын

Could you also show the virtual router configurations?

@Cyberbulb 9 ай бұрын

BGP configured using sdwan plugin auto configures virtual router. connected routes for branches are advertised using bgp. subnets added under hub "prefixes to redistribute" are reachable from branches through bgp routes as well. if you wish to use static routes, it will be another story to tell may be on my next video!

@gouthamm.n2644 9 ай бұрын

@@Cyberbulb got it I had issues with the loopback interface after fixing that the BGP was established I still have 1 more problem. Internet from zone-private to zone-internet does not work I do not see any hit counts on the nat policy which i have configured.

@Cyberbulb 9 ай бұрын

if you have mapped the zones use the original zones in the policy like from trust to untrust as an example also check static default route that sdwan automatically create on the firewall with metric 5 @@gouthamm.n2644

@TranVanLamBDCVT- 2 ай бұрын

Can you show me the Zones on the Panorama ?

@Cyberbulb 2 ай бұрын

If it is a green field it is better to create the following zones on panorama and use them zone-internet, zone-internal, zone-to-hub, and zone-to-branch

@Cyberbulb 2 ай бұрын

Creat the following zones on panorama: zone-internal zone-internet zone-to-hub zone-to-branch

@kauffmann1983 Жыл бұрын

Hello, Panorama is not necessary in order to implement SD-WAN, right?

@Cyberbulb Жыл бұрын

it should work without panorama as its role is the automation of VPN tunnels configurations and better monitoring

@chris71mach1 Жыл бұрын

Most everything you do with multiple PAN firewalls will use Panorama as the central point. Whether you HAVE to or not (which I honestly think you do), it's going to be a lot less of a migraine if you have at least a PA-VM on your network.