Thanks!!

Thank you so much!!

Thanks man

Thanks mate

Thanks

Thanks a lot!!

Thank you :)

Thanks buddy...happy learning!!

Hi Nitesh, thanks for watching the video. Yes you are right, you won't see the logs until you license your VM, you can use evaluation license as well for that purpose. To purchase the VM license through you company, you need to get in touch with your company account manager or contact Palo Alto distributors. For personal use I guess you can request for an evaluation license directly by contacting sales through their website. Hope this helps. Cheers!

I am using VMware images on VMware Esxi, not any simulator :) you can use VMware workstation pro also which has a free trial and follow similar steps, pls see below video for the installation steps: kzbin.info/www/bejne/nZ60gISmZq6sprM

@@sec-u-rity7287 Thank you - Now I need to download the Image.

Hi Edy, in my lab both the firewalls are directly connected on their Outside interfaces, but in real world it won't be the case, there will be Internet/WAN connectivity between 2 firewall Outside interfaces and will definitely be on different subnets. There is no NAT for the private IPs (loopback interfaces in my case), they don't need to be natted in real world scenario as well since their traffic is going to go through the tunnel. Hope this answers your question :)

@@sec-u-rity7287 thanks u for the explanation

It is not compulsory to assign an IP to tunnel interface unless u wanna do dynamic routing over the tunnel (see my video in which I have configured ospf on ipsec tunnel) or if u wanna do tunnel monitoring

Same zone traffic would be allowed by default if you don't modify the default 'intrazone-default' rule. But if that rule is set to deny, then yes, for outside to outside traffic also you need a policy with ike and ipsec app-ids.

@@sec-u-rity7287 thank youu

Hi Ranghel, Yes you are right, you can ping from internal interface of 1 firewall as source to internal interface of other firewall as destination...in your example, yes it would be ""ping source 192.168.1.1 host 10.10.10.10". Do not forget to add those IPs in Proxy IDs in case the tunnel is between PA and non-PA device (policy based VPN). Hope this answers your query :)

all daemons are running admin@PA-2> show system software status Slot 1, Role mp ---------------------------------------- Type Name State Info Group all running Group base running Group batch running Group batch_secondary running Group chassis running Group data_plane running Group dsms running Group fips running Group frr running Group gdb running Group grp_plugins running Group ha_ssh running Group mgmt_services running Group ntlm-grp running Group services running Group supervisor running Group tasks running Group third_party running Process all_task running (pid: 3921) Process authd running (pid: 5090) Process bfd running (pid: 4686) Process brdagent running (pid: 3322) Process chasd running (pid: 3250) Process comm running (pid: 3918) Process contentd running (pid: 3205) Process crypto running (pid: 3813) Process dagger running (pid: 3204) Process devsrvr running (pid: 4797) Process dha running (pid: 4773) Process dhcp running (pid: 5086) Process distributord running (pid: 4801) Process dnsproxy running (pid: 5087) Process ehmon running (pid: 3249) Process ha-sshd running (pid: 3833) Process ha_agent running (pid: 5083) Process icd running (pid: 5056) Process ifmgr running (pid: 5079) Process ikemgr running (pid: 5075) Process iotd running (pid: 4796) Process keymgr running (pid: 5078) Process l2ctrl running (pid: 5082) Process l3svc running (pid: 30673) Process logrcvr running (pid: 5076) Process masterd running (pid: 2919) Process mgmtsrvr running (pid: 4873) Process monitor running (pid: 3216) Process monitor-dp running (pid: 4789) Process mprelay running (pid: 4687) Process pl-dp_notify running (pid: 6246) Process pl-vm_agent running (pid: 6255) Process plugin_api_server running (pid: 3218) Process pppoe running (pid: 5088) Process rasmgr running (pid: 5077) Process redis_gp running (pid: 3817) Process redis_idmgr running (pid: 3815) Process redis_iotd running (pid: 4879) Process redis_useridd running (pid: 4885) Process routed running (pid: 5089) Process satd running (pid: 5084) Process sdwand running (pid: 4685) Process snmpd running (pid: 11594) Process sshd running (pid: 3875) Process sslmgr running (pid: 5085) Process sslvpn running (pid: 5074) Process sslvpn_ngx running (pid: 5120) Process sysd running (pid: 2963) Process sysdagent running (pid: 3206) Process tund running (pid: 4688) Process useridd running (pid: 4800) Process varrcvr running (pid: 5080) Process vm_agent running (pid: 3217) Process web_backend running (pid: 5055) Process websrvr running (pid: 5511) Process wifclient running (pid: 3935)

Is your firewall licensed? You won't see traffic logs until there is a license on the firewall

@@sec-u-rity7287 It is not licensed. Thanks for immediate response.