About COlson

COlson · ‎12-04-2020

Commit shows no error. When I go to the actual PAN device and look at the service route, I can see it's set to customize, and LDP has a source interface of ethernet1/1 and the source address of that interface. 'show deviceconfig system route service' returns 'service;' Should this not be configured from Panorama (the interface is not showing as being overridden so I can see that the template pushed successfully but now I'm curious.)? Thanks.

COlson · ‎12-04-2020

Hello, I need to create a source service route for LDAP on one of our PANs due to MGT interface IP being unable to access the LDAP servers (I am unable to change this). I have gone into Device, Setup, Services, Service Route Configuration, selected customize and then changed LDAP to use ethernet1/1 and the source of that address. I then committed the changes. However, I still see no changes to the LDAP requests... logs show that the PAN is still trying to access LDAP server over the MGT interface and after further research it seems I should see source service routes using this command : "debug dataplane internal vif route 250" but when I do that, it shows up as blank. Is there some step I am missing? Thanks.

COlson · ‎10-19-2020

You are correct... in my haste, I did not pay attention to the download and downloaded the Threats + Apps instead of just Apps. Once I did that, the upload worked as expected. Thank you for the help!

COlson · ‎10-12-2020

Hello, I am trying to update my OSS PA but am receiving an error of "failed to update content with following message encfilesize." I have tried different content versions and the result is the same. The contents are transferred to the PA via SCP. And unfortunately, I can't update PanOS without being able to update the content first. There is no previous content to delete so I am unable to try that. I've seen some posts on other forums about this but it usually related to active boxes and licenses and this is the OSS so it's not using a license and the transfer is via SCP and filesize looks valid. Thanks.

COlson · ‎09-02-2020

Hello everyone, I am seeing a strange issue that I haven't come across before and I'm not sure how to troubleshoot it. To make it as simple as I can, sometimes traffic going to a specific destination isn't using the defined OSPF route. So for example, the destination is 10.50.0.0/16 and OSPF is enabled on the virtual router using a specific tunnel... when I do a route lookup, it's there and I see successful traffic from the same source zone, using the same application and port to the desired destination using the proper OSPF tunnel. When I do a test routing fib-lookup to that range, it shows it should use that tunnel. However, sometimes it doesn't use the tunnel and traffic ends up in the wrong zone and is denied. I see no static route to this address, and I can't find any PBF involved. Does anyone have any ideas what might be impacting this routing but only on occasion?

Member Since	‎05-10-2019 02:15 PM
Date Last Visited	‎03-02-2023 10:42 PM
Posts	25
Total Likes Received	2

Online Status	Offline
Date Last Visited	‎03-02-2023 10:42 PM

About COlson

Re: GlobalProtect HIP issues

GlobalProtect HIP issues

Re: Site to Site VPN failing when IKEv2 and different PANOS

Site to Site VPN failing when IKEv2 and different PANOS

Debug Dataplane Help

Re: Service Route Help

Debug Dataplane Help

Re: Content Update Issue

Re: Service Route Help

Service Route Help

Re: Content Update Issue

Content Update Issue

Traffic Question