Step by step guide to build Centralized architecture with AWS GWLB

Рет қаралды 13,598

Жыл бұрын

Learn how to build a centralised security architecture with application VPC and security VPC with GWLB. This video also covers the routing configuration and traffic flows in this architecture

Пікірлер: 13

@sandeepjoseph2480 Жыл бұрын

A nice explanation of GWLB and integration with PAN firewall, thanks for posting.

@networkers5037 Жыл бұрын

good one. i have been waiting for this. Thank you

@aravindviswanathan6884 7 ай бұрын

Wow super great . Thanks a lot mama

@rusalkaus3406 Жыл бұрын

Our PAN SE keeps recommending to me to follow the recommended deployment guide but I'm having a hard time accepting this recommendation especially after watching this video. As a result, I just have more issues/questions/concerns. For example, outbound traffic is showing in traffic log on the same "from" and "to" zone. That defeats the whole purpose of using zones! Also, why are there IGW's in the App VPC's? Shouldn't there only be one IGW in the VPC that the PAN's resides in?

@IanHayes Жыл бұрын

There's some good information here, but the narrator is going waaaay too fast, skips over some critical information, and makes a few showstopper mistakes if one copies what is going onscreen. There are some critical concepts that are glossed over in the narrator's race to the finish, leaving people trying to learn scratching their heads. There are some issues with the firewall configuration, as well as issues with some of the core setup such as subnets created. She also zooms past setting up the routes correctly in the security VPC for the GWLB endpoints. This could have been a very good video but it seems like this was done hastily. Please slow down and take more time going over each step.

@VortexRiddle Ай бұрын

Lots of points - like Firewall routes (VR) and Security Hub routes details, Not covered.

@IanHayes Жыл бұрын

Target group for the firewall comes up as unhealthy as you're not putting eth1/1 layer3 interface in a security zone. Also the CIDR for the security subnet needs to be added as an authorized IP for the interface management profile

@user-wm8lx8hj2k Жыл бұрын

If the ethernet 1/1 interface does not have any zone settings, it is confirmed that the healthcheck packet is dropped even though there is an allow-all policy. So, I created an additional zone and applied the ethernet1/1 interface, and then the unhealthy > healthy state.

@samuelli2812 4 ай бұрын

@@user-wm8lx8hj2k Thanks I hope I saw this earlier. I called Palo Alto support and spent 2 hours to find the same thing you mentioned. She missed that from the beginning. At 33:41, the ethernet1/1 is in zone gwlb-zone.

@manasp7888 11 ай бұрын

is there any step by step guide from PANOS ? that refers this lab setup ?pls share the link. Appreciated the excellent tutorial.

@hallowbeyourname Жыл бұрын

Thanks for this video. Is it possible to synchronise configurations in such architecture with two VM-Series? If yes can you share a link which shows that?