Paximus FAQ

What are the Security / NAT Rule Best Practices?

It’s best to maintain a consistent set of Zones on both devices. The security rules that are related to inbound traffic (destination NAT) need to configured with tuples that apply to both devices/networks. It’s advisable to use a public DNS service that’s capable of checking the health of a service endpoint and failing the DNS record over to the public IP address on the standby device. TTL on these DNS records should be set to less than five minutes.

What happens if the configuration synchronization jobs fails?

Saasyan will receive an alert, rectify Paximus service related issues and notify the client if the failure is due to problems at the client side.

What are the configuration sections that are kept in sync?

The client can choose the configuration sections that need to be kept in sync.

How frequently does Paximus synchronize the configuration?

As frequently as the client likes. Each sync will require the secondary Palo Alto Networks® Next Generation Firewall to be up for 15 minutes if there are configuration changes to be applied.

How does Saasyan Paximus reach the primary and secondary Palo Alto Networks® Next Generation Firewalls?

Directly over the Internet or via an agent installed on premise.

Where is the service hosted?

Saasyan Paximus is completely hosted and managed by Saasyan.