Видео

this was very insightful, helped a lot in understanding the wildfire and other security features

Thank you for excellent explanation video.

Great videos but would be greater if you can do videos on configuration on the topic. Just a thought

Great

Emergency Information

^92.^68.^7.^0

Amazing refresher 🔥🔥🔥

Excellent video and was perfect for what I needed to get it working for my company. Thank You!!! However, I've been asked to come up with redundancy for VPN and to utilize both ISPs we have. I hope you can help guide me. if you or anyone seeing this don't mind helping? The issue I'm unsure about is at 29:50 when you take us through creating the certificate and auth profile to enable the validate IDP cert. I created the certificate to import into Azure AD using the URL of our portal/Gateway for GlobalProtect. By adding a second ISP, I assume I'll need to register a new URL to use via Azure AD Single sign-on (in addition to the original one via the configuration)? But since I created the IDP certificate using the URL for ISP1, what is the best route to be able to get it configured to work with ISP1 and ISP2? Will I be required to use DNS Failover in the cloud (using the original URL with both ISP IPs configured)? Forgive my ignorance but GlobalProtect and SAML via Microsoft is new territory for me. If you or anyone could help, it would be greatly appreciated! Thanks, Again!!

AWESOME EXPANATION

How to find out that a GP user in prelogon stage unable to proceed to connect further due to authentication issue caused by azure AD/SAML authentication? How to verify that in case when we get the troubleshooting logs

Perfect

Awesome Video

Thank you for doing this. Great explanation!

this was VERY helpful

very good explanation ,

Your Channel is one of the best in RUclips about Palo Alto. I really encourage you to continue to do your videos.

Very informative and useful video..Plz make such more videos.

I can't find the right words to describe your job. It was fantastic.

A small doubt, why didn't we use directly L3 interface here instead of using L2?

yes pls It's is very helpful vedio,please make a vedio on packet flow of paloalto

great knowledge sir i want more ...videos in depth...

Does TAP interface on PAN deduplicates traffic? For example if there are multiple copies of same traffic reaching at the TAP port?

Thank you sir for a fantastic walk through. You saved my butt a bunch of time.

Can you add the script here ? share pls

Possible if i want to do vpn site to site on subinterface?

Thank you for taking the time out to make this video.

Can you just use route path monitoring and PBR, I don't see why we need a separate VR for each ISP plus a third for the LAN, it seems overly complicated but I may be wrong

Hi guys! I am facing a problem in the GlobalProtect Login page. When I try to login into GlobalProtect I can not have access to the login page, instead my Windows Login is automatic used to access the VPN. There is a configuration to show the login page every time I have to login? I have the same problem reported in this link: live.paloaltonetworks.com/t5/general-topics/globalprotect-no-longer-prompting-for-account/td-p/309392

FYI, you can add wildcards. Just edit the metadata. We have done this for Prisma Access successfully.

That's a very nice explanation of Vsys.

Please make more videos !!!! I love your videos!

Great explanation. Thanks!

better explained here than in PA EDU110, thanks!! just one question, can you treat the traffic going throw?

Appreciate the video. Helped a lot.

Course Cost is very expensive. any offers ?

can this be achieved with two ISP and two PA firewall in Active/Active configuration?

How do you handle the VLANs if the switch is the default gateway for you clients instead of the PA?

I wouldn't really say this is the a particularly good use case for PBF. You could have just enabled ECMP on the VR then tweaked the ECMP load-balancing algorithms. Also it's asymmetric routing not "asynchronous". Why bother with different VRs for each ISP, just use a single egress interface (in a port-channel).

So if the Production and Pre-Production are in the same IP subnet, the Managements are different, If I tried to connect to something across the IVRL, then it would be the same IP ? If you are going to have IVRL, then you need different subnets all the way around

You lost me at rooter.

This did not clear it up for me, when would you not be able to use a layer 3 firewall?

Hi sir, can you please share in theory about the PA . i Need to check it out

Thanks for short and simple explanation!

What a bad idea!

Excellent.Thank you

YOU NEED TO LEARN HOW TO WRITE "1" - YOU WRITE "1" AS INVERTED "V" - AND YOU CALL YOURSELF AS "NETWORK EXPERT"

Very clear and informative, but I am missing linkage to Palo Alto Config UI. The PA UI has "VLANs" menu item, vs "vlans" tab in the interface menu. This does not corresponds to L2 vs L3 vlan.

Awesome explanation, easy to understand!

Very good content, it's clear and well explained. However it would have been nice to include GUI view and quick config exemple.

For Production and Pre-Production L3 interfaces, could they be the same IP address? Want to keep server VMs the same IP address and default gateway when moving in and out of the two environments.