Differences

This shows you the differences between two versions of the page.

--- paloaltonetworks:architecture [2021/06/14 11:17] – created bstafford
+++ paloaltonetworks:architecture [2022/11/23 12:49] (current) – external edit 127.0.0.1
@@ Line 21: / Line 21: @@
 Enable interface management profile with ping, ssh, https, user-id and snmp on loopback or firewall's interface to mgmt network. Use this for SNMP polling, User-ID redistribution (and use service route to use this to get User-ID from other firewalls) and managing the 'active' firewall. Enable ping, https, ssh and snmp on actually managment interfaces. Use this for backup access/troubleshooting. Consider doing RADIUS/LDAP/TACACS queries from loopback via service route. Would have to use a local account to get access to passive.
+====== VLANs ======
+x Managment
+	Firewall, switch, access point mgmt.
+	VMware mgmt and other 'all IT can access' mgmt.
+	UPS mgmt.
+	Other mgmt functions (e.g. wall board control)
+x Server
+	Windows servers
+	Linux servers
+	Network servers (e.g. Infoblox DNS/DHCP)
+x Voice
+	-- if needed --
+x NetworkDevices
+	Printers
+x Users Wired
+	Up to 10 Wired VLANs. Can represent different buildings/floors/departments/etc.
+x Users WiFi
+	Up to 10 WiFi VLANs for users. Could represent different SSID/etc.
+x Security
+	CCTV
+	Building Alarm
+	Door Control
+x Guest
+	Guest WLAN
+	Guest Wired
+x Lab
+	Staging Lab
+	Demo environment
+	Internal Lab
+	Training VLANs
+x DMZ
+	Up to 10 DMZ subnets