This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About sib2017

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
sib2017
‎11-01-2018
since ‎11-13-2014
L4 Transporter
User Activity
User Profile
Latest posts by sib2017
View All
My Liked Posts
View All
User Badges
Community Statistics
Member Since ‎11-13-2014 09:05 PM
Date Last Visited ‎11-01-2018 06:43 PM
Posts 163
Total Likes Received 3

Pan agent

by in General Topics
‎05-19-2016 03:59 AM
‎05-19-2016 03:59 AM
Hi, I was using windows 2008 Domain controller and Palo alto ldap profile configured. ,Now changing to 2012 So which version of panagent need to be installed. Where can i download the panagent ? Is there something need to be done on paloalto side after migrating dc Thanks       ... View more

Re: show counter global filter category flow aspect dos

by in General Topics
‎04-27-2016 09:37 PM
‎04-27-2016 09:37 PM
Hi Here is the tx , it seems  packets are leaving firewall ?       As per the  below diagram  rx of both interface will be  recordeed in rx stage  and tx in the tx stage, At firewall stage what all will be recorded             Thanks         ... View more

Re: show counter global filter category flow aspect dos

by in General Topics
‎04-26-2016 02:26 PM
‎04-26-2016 02:26 PM
Actually  there is only one physical firewall ,those three are in differnet zone ... View more

Re: show counter global filter category flow aspect dos

by in General Topics
‎04-25-2016 04:29 PM
‎04-25-2016 04:29 PM
Hi reaper    I have attached the rx  capture file  , and   topology    filter  : source  10.10.10.10  destination 172.100.10 .254          Please help to understand   Thanks                 ... View more

Re: show counter global filter category flow aspect dos

by in General Topics
‎04-25-2016 03:31 AM
‎04-25-2016 03:31 AM
Hi, If i change the client ip address it works .      ... View more

Re: show counter global filter category flow aspect dos

by in General Topics
‎04-25-2016 01:45 AM
‎04-25-2016 01:45 AM
Hi,   Thanks reaper .    Traffic shows incomplete to a server from a host . but the other host can reachable So i was thinking it may due to the dos policy (zone protection or dos rule ). So how can i verify which policy casuing the 'incomplete' But there is no log under threats Thanks again ... View more

show counter global filter category flow aspect dos

by in General Topics
‎04-24-2016 11:59 PM
‎04-24-2016 11:59 PM
  Hi,     Below is  output of  'show counter global filter category flow aspect dos'    What does it mean by value and rate . Does it mean '143291' packets dropped ?        name value rate severity category aspect             flow_dos_red_tcp 1143291 0 drop flow dos flow_dos_pf_ipfrag 57444 0 drop flow dos flow_dos_pf_icmplpkt 1100 0 drop flow dos flow_dos_pf_tcpoverlappingmismatch 20411 0 drop flow dos flow_dos_zone_red_max 446965 0 drop flow dos flow_dos_zone_red_act 696326 0 drop flow dos flow_dos_rule_drop 403117 0 drop flow dos flow_dos_rule_drop_classified 403117 0 drop flow dos flow_dos_rule_allow_under_rate 3402693 0 info flow dos flow_dos_rule_allow 35492603 21 info flow dos flow_dos_rule_match 39298413 22 info flow dos flow_dos_rule_nomatch 129318926 32 info flow dos flow_dos_no_empty_entp 517212 0 info flow dos flow_dos_curr_sess_add_no_entp 114095 0 info flow dos flow_dos_curr_sess_del_no_entp 124207 0 info flow dos flow_dos_cl_curr_sess_add_incr 72234191 27 info flow dos flow_dos_cl_curr_sess_del_decr 72222602 28 info flow dos     Thanks   ... View more

incomplete and ddos drops

by in General Topics
‎04-24-2016 02:59 AM
‎04-24-2016 02:59 AM
Hi The following report shows incomplete Database: Traffic Log Columns: Source Zone, Source Address, Source Port, Destination Zone, Destination Address, Destination Port, Application, Bytes Query Builder: (app eq incomplete) and (port.dst leq 1023) but the " show counter global filter category flow aspect dos " does not give any indication of drops   name value rate severity category aspect description     flow_dos_red_tcp 1143291 0 drop flow dos Packets dropped: Zone protection protocol 'tcp-syn' RED flow_dos_pf_ipfrag 60010 0 drop flow dos Packets dropped: Zone protection option 'discard-ip-frag' flow_dos_pf_icmplpkt 1100 0 drop flow dos Packets dropped: Zone protection option 'discard-icmp-large-packet' flow_dos_pf_tcpoverlappingmismatch 21198 0 drop flow dos Packets dropped: Zone protection option 'discard-overlapping-tcp-segment-mismatch' flow_dos_zone_red_max 446965 0 drop flow dos Packets dropped: Maximal zone RED threshold reached flow_dos_zone_red_act 696326 0 drop flow dos Packets dropped: Activate zone RED threshold reached, random early drop flow_dos_rule_drop 412022 0 drop flow dos Packets dropped: Rate limited or IP blocked flow_dos_rule_drop_classified 412022 0 drop flow dos Packets dropped: due to classified rate limiting                     So how can i co-relate ? Thanks   ... View more

Re: understanding palo alto classifying traffic

by in General Topics
‎04-19-2016 05:00 AM
‎04-19-2016 05:00 AM
Thank you reaper    How Dos rule action 'protect' protects the network and what is the differnence between protect and  deny Thanks ... View more

Re: understanding palo alto classifying traffic

by in General Topics
‎04-18-2016 10:50 PM
‎04-18-2016 10:50 PM
Hi   if i have Zone-Based Protection  profile in  untrust  zone  , for more granularity i can add  protection DoS Rule base and Profiles . If yes what is the best practice   Thanks ... View more

Vulnerability exemption

by in General Topics
‎04-03-2016 03:48 AM
‎04-03-2016 03:48 AM
Hi what is actually simple-client-critical simple-client-medium   I   I  want to change the default action from alert to block . the rule is under simple-client-medium , but the search result shows it is under simple-client-high Thanks       ... View more

Re: dns amplification attack

by in General Topics
‎04-02-2016 11:53 PM
‎04-02-2016 11:53 PM
Hi, "And zone protection on the interface where your DNS servers are to prevent your servers being used as amplifiers. " Can you explain how to do that . Thank you  ... View more

Re: packet capturing pa

by in General Topics
‎03-30-2016 08:57 PM
‎03-30-2016 08:57 PM
Hi, I am using  assymteric path ( active -active ). So i believe it is very difficult using packet analysis . Actually i have severe  issue like when users are downloding files it  takes much longer time  than expected .How can i verify PA is not doing any abnormal activities  Thanks ... View more

dns amplification attack

by in General Topics
‎03-29-2016 12:51 AM
‎03-29-2016 12:51 AM
Hi,   What are the best practices need to be followed  to  protect from the ddos  dns amplification attack .  How to  filter the  trace  from the  log  if there is any attack happened ?  Thanks ... View more

tap zone and ddos profile

by in General Topics
‎03-29-2016 12:41 AM
‎03-29-2016 12:41 AM
Hi, I have created tap zone and created policy under security policies . In my ddos profile there are two policies one for trust zone another one for untrust zone if I create another policy for tapzone , is it a good creating another ddos policies for tap zone   if yes how can i do that ? Thanks     ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎11-01-2018 06:43 PM
Latest Tags
No tags yet
Likes Given To
Likes From
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks