Step by step guide to build Centralized architecture with AWS GWLB

Рет қаралды 16,615

Күн бұрын

Learn how to build a centralised security architecture with application VPC and security VPC with GWLB. This video also covers the routing configuration and traffic flows in this architecture

Пікірлер: 17

@AibingWang-h6j Ай бұрын

Thanks a lot for your wonderful sharing video and got a lot of understanding upon gwlb.

@sandeepjoseph2480 2 жыл бұрын

A nice explanation of GWLB and integration with PAN firewall, thanks for posting.

@networkers5037 2 жыл бұрын

good one. i have been waiting for this. Thank you

@aravindviswanathan6884 Жыл бұрын

Wow super great . Thanks a lot mama

@rusalkaus3406 2 жыл бұрын

Our PAN SE keeps recommending to me to follow the recommended deployment guide but I'm having a hard time accepting this recommendation especially after watching this video. As a result, I just have more issues/questions/concerns. For example, outbound traffic is showing in traffic log on the same "from" and "to" zone. That defeats the whole purpose of using zones! Also, why are there IGW's in the App VPC's? Shouldn't there only be one IGW in the VPC that the PAN's resides in?

@manasp7888 Жыл бұрын

is there any step by step guide from PANOS ? that refers this lab setup ?pls share the link. Appreciated the excellent tutorial.

@michaeldanquah9309 4 ай бұрын

The recommendation from Palo is to override the default allow intrazone policy with a deny but you created an allow-all rule that allows everything- not sure why.

@SSS_Tech 5 ай бұрын

Why we created 2 Transit Gateway, cant we create single transit gateway and share via resource share option?

@IanHayes Жыл бұрын

There's some good information here, but the narrator is going waaaay too fast, skips over some critical information, and makes a few showstopper mistakes if one copies what is going onscreen. There are some critical concepts that are glossed over in the narrator's race to the finish, leaving people trying to learn scratching their heads. There are some issues with the firewall configuration, as well as issues with some of the core setup such as subnets created. She also zooms past setting up the routes correctly in the security VPC for the GWLB endpoints. This could have been a very good video but it seems like this was done hastily. Please slow down and take more time going over each step.

@AnimeN-ig4cw 5 ай бұрын

True

@hallowbeyourname 2 жыл бұрын

Thanks for this video. Is it possible to synchronise configurations in such architecture with two VM-Series? If yes can you share a link which shows that?

@rsc8765 2 жыл бұрын

Hello, what routes you have configured in your virtual router?

@IanHayes Жыл бұрын

Target group for the firewall comes up as unhealthy as you're not putting eth1/1 layer3 interface in a security zone. Also the CIDR for the security subnet needs to be added as an authorized IP for the interface management profile

@정무현-v4y Жыл бұрын

If the ethernet 1/1 interface does not have any zone settings, it is confirmed that the healthcheck packet is dropped even though there is an allow-all policy. So, I created an additional zone and applied the ethernet1/1 interface, and then the unhealthy > healthy state.

@samuelli2812 10 ай бұрын

@@정무현-v4y Thanks I hope I saw this earlier. I called Palo Alto support and spent 2 hours to find the same thing you mentioned. She missed that from the beginning. At 33:41, the ethernet1/1 is in zone gwlb-zone.