Jump to content
ExamFerret

Palo Alto software images, any platform, any release

Recommended Posts

12 hours ago, knightwillhem said:

I have no experience with GlobalProtect, but prefer L2TP/IPsec anyway. I was just wondering how complicated L2TP/IPsec is to configure in Palo Alto?

I was originally going to setup pfSense on an R610 or R620 as my firewall/router, but was thinking that ASA or Palo Alto might be a good fit and could learn more in the process.

I am basically using the router/firewall to protect a couple of Dell VRTX units in my home lab running vSphere 6.5. I am also going to be using NSXv with the Ubiquiti EdgeSwitches. They can do minor Layer 3 routing and that is good enough for what I need.

Thanks for your help.

I'd say that if I'd be in your situation and would have an option to try and learn Palo Alto FW I would not hesitate to do it even for a minute.
You can do all routing/firewalling there and moreover you'll have hands-on experience of really cool NGFW features of best FW vendor.

They really worth it 🙂
 

  • Like 1

Share this post


Link to post
Share on other sites
On 10/26/2020 at 2:46 AM, Kreator777 said:

I'd say that if I'd be in your situation and would have an option to try and learn Palo Alto FW I would not hesitate to do it even for a minute.
You can do all routing/firewalling there and moreover you'll have hands-on experience of really cool NGFW features of best FW vendor.

They really worth it 🙂
 

I think this is the last question I have for you. Is there any performance or throughput limitation on a PA-3050 if it is not Licensed? I read somewhere that it is limited to 100Mb/s throughput, but I can't remember if that was for the VM or the physical hardware.

Again, thanks for your help.

Share this post


Link to post
Share on other sites
13 hours ago, knightwillhem said:

I think this is the last question I have for you. Is there any performance or throughput limitation on a PA-3050 if it is not Licensed? I read somewhere that it is limited to 100Mb/s throughput, but I can't remember if that was for the VM or the physical hardware.

Again, thanks for your help.

absolutely no BW limits. It's not Cisco ))
on 3050 ports are 1Gbit and using NAT I achieved on tests 900+ Mbit/s speeds. And it has even more FW power according to the specs (4Gbit/s) if you use more than one link.

Don't recall about Global protect client (read - VPN) but saw one guy transferred around 35MB/s (specs says about 500Mbit/s~~60MB/s max) which is absolutely fine for me.

PS. All tests were made after factory reset (consider no licenses entered)

Share this post


Link to post
Share on other sites

How hard is it to install PAN-OS from scratch if the disk is missing from say a PA-3050?

Is there a manual that can be found on this subject to reference?

Thank You

Share this post


Link to post
Share on other sites
On 3/8/2018 at 11:05 AM, ExamFerret said:

Palo Alto software thread! I have access to all software images for all platforms and can upload any release you need. Request them here and I will deliver.

 

This is for software only, I cannot provide licences, support, or activation codes etc.

I recently picked up several PA-3020 with Pan-OS 8.0.7 for lab use. Do I need to upgrade to 8.0.20 and then to 8.1.0? Or can I go straight from 8.0.7 to 8.1.x?

Share this post


Link to post
Share on other sites
On 3/8/2018 at 4:05 PM, ExamFerret said:

Palo Alto software thread! I have access to all software images for all platforms and can upload any release you need. Request them here and I will deliver.

 

This is for software only, I cannot provide licences, support, or activation codes etc.

Even if we tempt you with a box of jelly donuts? 😏

Share this post


Link to post
Share on other sites

I found the updates for PA-3050 here. Thank You.

I have upgraded to 8.1.0, but when going to 9.0.0 an error shows up.

Error message is, Upgrading  from 8.1.0 to 9.0.0 requires a content version of 8103 or greater and found 769-4439

 

  • Like 1

Share this post


Link to post
Share on other sites
On 10/24/2020 at 6:37 PM, knightwillhem said:

I recently purchased a Cisco ASA 5550 and was not impressed with the over-complicated setup and usability.

Sorry to reply to a month old post but I have to take issue with the "overly-complicated setup" claim when compared to a Cisco ASA.  The ASA doesn't display a login prompt prematurely and repeatedly tell you 'invalid password'. You don't need to wait 15 minutes to login in with said 'invalid password'. The ASDM has super easy setup wizard, AND it even has a VPN setup wizard. The Palo needs a lot of initial configuration and has no setup wizards at all. You literally have to go though each and every setup each Ethernet port and tell it what you want  it to do and what zone and vRouter to use so don't  say the Cisco is "overly complicated" to setup. 

I wouldn't be impressed with something that old either. For a "Home Lab"  I think you downgraded yourself. You could have gotten something like a 5512-X cheaper (better looking too if you care about that kind of thing) and better performing than the 5550.

 

The Palo has a much nicer UI, but honestly how much time are you going to spend using it for Home Production.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...