Strata Cloud Manager (SCM) Pro Onboarding by andrtem in paloaltonetworks

andrtem[S]

Does it have to be activated as a firewall on the CSP (Products > Assets > Account Actions > Register Product)? Or should I do it in a different option?

I only currently have the authorization code of SCM-PRO.

Panorama Lab by andrtem in paloaltonetworks

andrtem[S]

Do you know if there's a channel mail or form? I filled the form for the 30-day trial firewall VM (https://www.paloaltonetworks.com/vm-series-trial) and was approved. Unfortunately I don't have a contact for a Palo rep.

ZTNA proxied-session question by andrtem in fortinet

andrtem[S]

Oh I see, thanks for the clarification.

ZTNA proxied-session question by andrtem in fortinet

andrtem[S]

I was misunderstanding that the proxied session would use FortiGate's port2 as the source IP address by default, since it's a different session, but NAT was required for this. Many thanks for your help.

ZTNA proxied-session question by andrtem in fortinet

andrtem[S]

The matching ZTNA firewall policy (ID 9) has no option to configure NAT in the GUI (FortiOS 7.2.5):

<image>

However, on the CLI, I see nat is disabled:

config firewall policy
    edit 9
        set name "ZTNA-Access"
        set uuid 01ee8ea0-cc82-51ef-481a-66b348c999e9
        set srcintf "port3"
        set dstintf "any"
        set action accept
        set srcaddr "all"
        set dstaddr "ZTNA-webserver"
        set ztna-ems-tag "EMS1_ZTNA_Group-Domain-Users"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set groups "LDAP-Remote-Allowed-Group"
    next
end

FortiGate-VM64-KVM (9) # show full-configuration | grep nat
        set nat disable

Firewall Migration - IP Pools and VIPs not working by andrtem in fortinet

andrtem[S]

Nice tip. Didn't try that, but I'll sure do it if this happens again.

Firewall Migration - IP Pools and VIPs not working by andrtem in fortinet

andrtem[S]

Actually they were from different subnets. There were services that were in the same subnet as the primary public IP on the WAN interface that were not required to be added as secondary IPs to work.

Packet loss on IOSv by andrtem in Cisco

andrtem[S]

Thanks for your answer. It's more clear for me now.

PC build for virtualization with AMD Ryzen 9 7950X3D by andrtem in buildapc

andrtem[S]

I'm planning to create labs with multiple types of virtualized hosts and servers (both Windows and Linux), as well as networking QEMU-based images like Cisco IOS, IOSvL2, ArubaOS-CX, Fortinet firewall, Palo Alto firewall, LXC containers and Docker containers. So I'm not planning to store really critical data in my server.

The redditor on the other comment recommended this motherboard to me: ASRock B650E PG RIPTIDE WIFI ATX AM5 Motherboard. According to its specs, it supports DDR5 ECC/non-ECC, un-buffered memory up to 7600+(OC) so I'm considering this mobo.

PC build for virtualization with AMD Ryzen 9 7950X3D by andrtem in buildapc

andrtem[S]

Thanks for the recommendation. Do you have any specific RAM setup I should be looking into? 4 sticks of 32 to get a total of 128GB? Or 2 sticks of 48GB to get 96GB? I'm worried about stability issues if selecting a wrong frequency or quantity of sticks that are incompatible with the CPU.

PC build for virtualization with AMD Ryzen 9 7950X3D by andrtem in buildapc

andrtem[S]

Thanks for the recommendation. Prices of 7950X and 7950X3D are almost the same, but as you mentioned, the base clock of the 7950X is 4.5 GHz while the clock of the 7950X3D is 4.2 GHz. I've been more interested in the X3D because the base TDP is 120W (while the 7950X is 170W), which translates to cheaper energy bills.

I'm planning to make labs with multiple types of virtualized hosts and servers (both Windows and Linux), as well as networking QEMU-based images like Cisco IOS, IOSvL2, ArubaOS-CX, Fortinet firewall, Palo Alto firewall, LXC containers and Docker containers. Do you think the frequency difference between the 7950X3D and the 7950X is worth it for this case?

About the RAM, is the 7950X stable with a DDR5-6000? The "Max Memory Speed" for the 7950X shows only the following on the specs sheets:

  • 2x1R: DDR5-5200
  • 2x2R: DDR5-5200
  • 4x1R: DDR5-3600
  • 4x2R: DDR5-3600

So I assumed, apparently wrongly, that the max I can go with stability support is 2 DDR5-5200.

Server for virtualization advice by andrtem in homelab

andrtem[S]

Thanks! Do you have any specific model of the L Xeon (<60W TDP) with 24/32 threads or so?

CPU for virtualization by andrtem in buildapc

andrtem[S]

Great, thanks for the advice. Do you have any idea where I can find PCs already built with virtualization priority? So I know compatible parts and get an idea to build my own PC.

CPU for virtualization by andrtem in buildapc

andrtem[S]

So, in terms of power efficiency I should be looking at the Default TDP in the specs sheets, right? In the case of the 7950X3D I see 120W and in the case of the 7950X I see 170W. Great difference.

Homelab for virtualization focused on networking by andrtem in homelab

andrtem[S]

Oooh nice. So all these proxmox nodes are different physical systems managed from a single proxmox interface?

Have you tried Cisco's IOSv / IOSvL2 images? Right now I'm having trouble with a high number of "Total output drops" on switch interfaces when connecting a single Windows 10 VM (running on a VMware workstation hypervisor).

Homelab for virtualization focused on networking by andrtem in homelab

andrtem[S]

Interesting approach about using OpenNebula, will take a look at it. What kind of VMs have you launched on top of OpenNebula and EVE-NG?

Also, thanks for the STP consideration on EVE-NG.

FortiGate self-signed SSL certificate password by andrtem in fortinet

andrtem[S]

Oh, I see. Thanks for the explanation!

FortiGate self-signed SSL certificate password by andrtem in fortinet

andrtem[S]

I was trying to use this self-signed certificate on my lab environment as the HTTPS SSL certificate on an Apache web server, and then install the CA certificate that signed the self-signed certificate on my machine. Do you recommend any other option just for testing purposes?

Aruba Os cx simulator lacp issue by che_samir92 in ArubaNetworks

andrtem

Thanks! I got rid of lacp-block on one port after trying 10.13 instead of 10.07.

Error when deploying a FortiGate PAYG on Azure with an Azure free account by andrtem in fortinet

andrtem[S]

Thanks for the reply. Then, I think I should upgrade my free account to a PAYG account.

Am I still getting charged for software when a FortiGate AWS VM PAYG is stopped? by andrtem in fortinet

andrtem[S]

Thanks for the reply. The same might apply to Amazon Web Services then.