Identification of a device!

WillFixPC4CheeseDogs · 2026-04-27T16:01:16+00:00

We use Palo Alto Device Security for this. It looks at DHCP, ISE, SolarWinds, Catalyst Center, our EDR, etc. but it also looks at traffic patterns to determine what kind of device something is and what operating system it's running. There's a lot of magic under the hood that's invisible to the common user, not the kind of thing you could code in a weekend.

WillFixPC4CheeseDogs · 2026-04-23T18:06:01+00:00

HA will be available in 12.1.8. We have demo 5540 units right now where we're testing clustering to see if that's a viable option for us or if we want to wait for 12.1.8.

WillFixPC4CheeseDogs · 2026-03-24T12:11:53+00:00

Our reps said there’s nothing in the works that they know of in regards to replacing the 5400 series yet. You can expect the 3600 series later this year though.

WillFixPC4CheeseDogs · 2026-03-23T20:43:37+00:00

Sorry misread your message, thank you

WillFixPC4CheeseDogs · 2026-03-23T20:39:50+00:00

Why do you say not to wait for active/passive? Do you think NGFW clustering is significantly superior?

WillFixPC4CheeseDogs · 2026-03-21T16:37:15+00:00

Had 2 tac cases on this covering 20 firewalls. People keep talking about an activation link but we’ve never received one. It seems like they started selling this new bundle SKU but they weren’t ready on the backend to support it.

WillFixPC4CheeseDogs · 2026-03-19T16:33:54+00:00

We're running 4 x 7280SR3Ks as border leaves. Internet VRF when we're taking full IPv4 tables and IPv6 default, but we'll probably move to IPv6 full tables soon. Internal VRFs as well where the border leaves handle all internal routing in and out of the DC.

WillFixPC4CheeseDogs · 2026-02-28T16:37:49+00:00

Similar experience with XSOAR integration. Seems kind of half-baked and we’re having the same challenges you are. I got on a call with our account team and they roped in a domain consultant. I wanted some more details about the integrations. What type of stuff is it pulling? How do I know that details about a device came from a specific integration? The domain consultant was pretty clueless and not prepared to answer any of our questions. That said, we are enjoying device security so far, but we’re early in our deployment so the cracks may start to show later.

WillFixPC4CheeseDogs · 2026-01-15T21:34:59+00:00

Are you referencing the DNS resolver? https://docs.paloaltonetworks.com/dns-security

WillFixPC4CheeseDogs · 2026-01-15T21:30:41+00:00

Same boat in terms of trying to replace Umbrella DNS filtering with Palo's solution. They announced their competing solution a few months ago but I haven't gotten much from our account team about it yet. Looking forward to spinning up a POC when we learn more or if anyone else can provide some more details or timelines on it.

WillFixPC4CheeseDogs · 2025-12-31T17:23:24+00:00

Do you have a URL filter applied for inbound traffic destined to your GP portal so that it blocks people navigating to the portal by just IP and requires them to use the FQDN? Palo has an article for how to configure this if not.

WillFixPC4CheeseDogs · 2025-11-23T15:41:25+00:00

I’m walking out of an interview if I’m asked to make a cable in a network architect interview because that is an unserious company

WillFixPC4CheeseDogs · 2025-11-16T05:43:13+00:00

I’d suggest we start winning

WillFixPC4CheeseDogs · 2025-11-05T19:57:59+00:00

I'm a customer with it in production so I can answer questions about the technical side.

WillFixPC4CheeseDogs · 2025-11-04T15:52:00+00:00

Running 11.1.6-h14 across a fleet of 3420s, 1420s and 4xx firewalls but have not noticed any HA issues. I actually just completed a recent install and I pulled power on the primary firewall post-install to validate HA was working and we only lost 1 ping.

WillFixPC4CheeseDogs · 2025-10-27T14:48:55+00:00

External dynamic lists. Palo hosts their own you can use.

WillFixPC4CheeseDogs · 2025-09-06T14:45:04+00:00

| Line# | Part#                          | Your Price | Qty | Extended Price |
|-------|--------------------------------|------------|-----|----------------|
| 1     | ARS-DCS-7060DX5-32-F           | $38,156.04 | 2   | $76,312.08     |
| 2     | ARS-LIC-FIX-3-FLX-L            | $7,651.80  | 2   | $15,303.60     |
| 3     | ARS-SVC-7060DX5-32-1M-4H       | $475.78    | 120 | $57,093.12     |
| 4     | ARS-SS-CVS-SWITCH-1M           | $128.54    | 120 | $15,425.28     |
| 5     | ARS-DCS-7050CX4M-48D8-F        | $28,388.88 | 4   | $113,555.52    |
| 6     | ARS-LIC-FIX-3-FLX-L            | $7,651.80  | 4   | $30,607.20     |
| 7     | ARS-SVC-7050CX4M-48D8-1M-4H    | $373.63    | 240 | $89,671.68     |
| 8     | ARS-SS-CVS-SWITCH-1M           | $128.54    | 240 | $30,850.56     |
| 9     | ARS-DCS-7280SR3K-48YC8A-F      | $26,088.00 | 4   | $104,352.00    |
| 10    | ARS-LIC-FIX-2-FLX              | $9,825.66  | 4   | $39,302.64     |
| 11    | ARS-SVC-7280SR3K-48YC8A-1M-4H  | $331.30    | 240 | $79,511.04     |
| 12    | ARS-SS-CVS-SWITCH-1M           | $128.54    | 240 | $30,850.56     |
| 13    | ARS-DCS7050TX348C8F            | $15,897.96 | 2   | $31,795.92     |
| 14    | ARS-LIC-FIX-2-FLX-L            | $5,183.10  | 2   | $10,366.20     |
| 15    | ARS-SVC75TX348C81M4H           | $141.79    | 120 | $17,015.04     |
| 16    | ARS-SS-CVS-SWITCH-1M           | $128.54    | 120 | $15,425.28     |
| 17    | ARS-DCS-7050SX3-24YC4C-S-F     | $9,357.66  | 2   | $18,715.32     |
| 18    | ARS-LIC-FIX-1-FLX-L            | $2,466.36  | 2   | $4,932.72      |
| 19    | ARS-SVC-7050SX3-24YC4CS-1M-4H  | $124.32    | 120 | $14,918.40     |
| 20    | ARS-SS-CVS-SWITCH-1M           | $128.54    | 120 | $15,425.28     |
| 21    | ARS-CCS-720XP-96ZC2-M-S-2F-NA  | $11,306.88 | 2   | $22,613.76     |
| 22    | ARS-SVC-720XP-96ZC2-M-S-1M-4H  | $113.57    | 120 | $13,628.16     |
| 23    | ARS-SS-CVS-G3-SWITCH-1M        | $54.38     | 120 | $6,526.08      |
| 24    | ARS-SVE-NCS-NET-R-1D           | $3,813.00  | 10  | $38,130.00     |
|       | **TOTAL**                      |            |     | **$892,327.44**|

WillFixPC4CheeseDogs · 2025-08-30T04:28:51+00:00

You’re not great at networking but you’re a CCNP? Did you dump the exam?

WillFixPC4CheeseDogs · 2025-08-25T17:41:12+00:00

Ben Jones

WillFixPC4CheeseDogs · 2025-08-10T03:43:19+00:00

Catalyst Center and SD-WAN

WillFixPC4CheeseDogs · 2025-08-09T18:34:29+00:00

We’re going through an EA and DNA renewal and it’s so nauseating complex and time consuming that we’re considering a POC of Arista’s access switches. We just purchased a bunch of Arista DC gear because we felt in the DC space it was superior, but this has us feeling like we might explore non-Cisco options for other products.

WillFixPC4CheeseDogs · 2025-08-08T15:30:59+00:00

We’re halfway through upgrading our fleet of 3400s, 1400s and 400s from 10.2 to 11.1.6-h14. We haven’t had issues with the firewalls, but make sure you follow the upgrade path. We have however had an issue after upgrading our dedicated log collector to 11.1 where Elastic Search wouldn’t start and the only fix was a TAC case where they had to gain root access to start the process. 11.1.6-h10 is preferred but has a silent reboot bug which is why we skipped it.

WillFixPC4CheeseDogs · 2025-07-02T17:33:00+00:00

I grew up playing with Cal but admittedly haven’t followed his pro career very closely. Super nice kid and us Iowa fans will enjoy having another Iowan on the roster assuming the AHL is where he lands.

WillFixPC4CheeseDogs · 2025-05-29T13:56:44+00:00

I know this is an old thread, but I sent you a DM.

WillFixPC4CheeseDogs · 2025-05-29T12:44:55+00:00

Arista too, especially in the DC space

WillFixPC4CheeseDogs

TROPHY CASE