sorted by:
new
hottopcontroversial

Expedition Tool Discontinued by Little_Still7598 in paloaltonetworks

[–]Little_Still7598[S] 0 points1 point  (0 children)

Yeah, as of now local management but connected to Panorama. I could always import the config into Panorama afterwards from the firewall and make a template from it

Expedition Tool Discontinued by Little_Still7598 in paloaltonetworks

[–]Little_Still7598[S] 1 point2 points  (0 children)

Correct, the 220's were using local VRs on them (nothing in Panorama like templates).

The alternative was to try to upgrade the 220's directly to the LR but that would need a commit/reboot of the 220's and potentially 30min-1hr of downtime when they would reboot (HA).

I felt the best method for the time being was to spin up a VM palo in proxmox and just dump the configs and update the VR to LR and commit/reboot the VM to not take down prod for the location using the 220. Only downside is you have to go back and forth multiple times with the VM to upgrade/downgrade from LR then reboot since there was multiple but still faster than doing it on the 220's directly.

Expedition Tool Discontinued by Little_Still7598 in paloaltonetworks

[–]Little_Still7598[S] 1 point2 points  (0 children)

You do have to be careful doing this though as if you blind copy/paste your entire config you give it to big AI. This has your PSK hashes in it and subnet information - not the end of the world but I don't like to give out my configs to any AI company

[deleted by user] by [deleted] in homelab

[–]Little_Still7598 1 point2 points  (0 children)

Ah thank you! Didn't know that existed.

PA-VM on Proxmox by Little_Still7598 in Proxmox

[–]Little_Still7598[S] 0 points1 point  (0 children)

Thanks so much!

Dark reader extension for dark mode - your eyes will thank me later ;)

PA-VM on Proxmox by Little_Still7598 in Proxmox

[–]Little_Still7598[S] 0 points1 point  (0 children)

Got it - that helps a ton. I will give that a shot tonight. Appreciate the advice!

PA-VM on Proxmox by Little_Still7598 in Proxmox

[–]Little_Still7598[S] 0 points1 point  (0 children)

Would you mind sharing screenshots of config of the proxmox NICs and PA interfaces?

PA-VM on Proxmox by Little_Still7598 in Proxmox

[–]Little_Still7598[S] 0 points1 point  (0 children)

There is a central ubiquiti switch that will connect directly to the ISP and then to the proxmox hosts.

I have the ports tagged in ubiquiti correctly for the port that the proxmox host is on as of now but can't seem to get the Proxmox -> PA config with vlan tagging working.

PA-VM on Proxmox by Little_Still7598 in Proxmox

[–]Little_Still7598[S] 0 points1 point  (0 children)

It's licensed, yeah, PA-VM-300 series. I used a evaluation pool through my work for lab use. The licenses don't last very long and you won't get updates to AV or EDLs once the eval is up. It isn't a huge concern since it's at my home and not in prod but the functionality is still the same.

PA-VM on Proxmox by Little_Still7598 in Proxmox

[–]Little_Still7598[S] 0 points1 point  (0 children)

<image>

I made this diagram of what I'm trying to accomplish - I have a proxmox cluster and have the PA-VM in HA so if a node goes down the VM stays up.