About MikeSangray2019

MikeSangray2019 · ‎08-06-2020

Thanks, I've been through the guide and I think I'm configuring it correctly, but it's not working. It would be nice to see an example screenshot or two instead of just instructions. For example a screenshot with Step 3 '(Optional) Configure a vendor-specific or custom DHCP option that the DHCP server sends to its clients' would really help to verify syntax.

MikeSangray2019 · ‎08-05-2020

I am using my pa-850 as a DHCP server on a small office LAN. I need to assign a VLAN to the phones and another VLAN to the computers. The phones are sending Option 61 Client identifier as part of DHCP Discover. How do I configure DHCP custom options to use the Option 61 value and return a specified VLAN ID?

MikeSangray2019 · ‎06-25-2020

Sorry, I did not open a ticket with support for this.

MikeSangray2019 · ‎06-25-2020

No, I did not get a resolution for this.

MikeSangray2019 · ‎05-22-2020

It was switch config. Needed to setup a second port channel on the switches so the interfaces that went to firewall 1 were in a port channel and the interfaces that went to firewall 2 were in their own port channel. This post also helped. https://live.paloaltonetworks.com/t5/general-topics/active-pasive-ha-with-lag-to-virtual-chassis-dropped-packets/td-p/27117#

MikeSangray2019 · ‎05-15-2020

I'm working on an HA project, but can't get the interfaces to negotiate. 2 x PA-3220 v8.1 2 x Dell N4032F switches latest recommended firmware The firewalls are setup for active/passive HA and the switches are configured for MLAG and have a LAG setup to connect to the firewalls. The PA ae interface on the active firewall shows one physical interface as active, but the other is 'not active (negotiation failed)' resulting in an amber link state. I've checked all of the settings on both the PA and switches and it looks like it should be working. System logs show lacp, critical, nego-fail, "LACP interface ethernet1/19 moved out of AE-group ae1. Selection state Unselected(Negotiation failed)'" What logs and settings should I check again? Also wondering if this solution with multiple AE might be an option, but it's an older post so I'm not sure if it still applies. https://live.paloaltonetworks.com/t5/general-topics/active-pasive-ha-with-lag-to-virtual-chassis-dropped-packets/td-p/27117#

MikeSangray2019 · ‎04-27-2020

Logs are being shipped to Splunk. I'm following the directions to use custom formatting ' Enter the log format above. Click on the field names in the left panel to include them in the log format.' by clicking on the name, then commit, and then no more config logs after that change to use custom log formatting. Return to default and config logs start working again. Just confirmed again. Maybe something for tech support?

MikeSangray2019 · ‎04-24-2020

I'm trying to get the firewall to send before and after change detail to splunk. I've tried various formats in Custom Log Format, but any changes I make result in no logs being sent to splunk. What is the correct format for Custom Log Format when using syslog and splunk? I'm running PA OS 8.1

MikeSangray2019 · ‎03-03-2020

Thanks. Maybe a feature request to change behavior to allow for adding fields to default rather than having to recreate and potentially miss some fields.

MikeSangray2019 · ‎03-02-2020

If I use a custom log format for syslog does the new custom format replace the existing default format? So if I want syslog to send before-change-detail and after-change-detail do I have to add every default field to the new custom format so I get default+custom?

MikeSangray2019 · ‎02-14-2020

The EDL entries aren't part of the exportable config via the api and if the IP isn't part of an event it won't show in a SIEM. It does look like you can generate a list using the CLI via 'request system external-list show' so that might be an option for a script or a report?

MikeSangray2019 · ‎02-14-2020

Is there a way to search my current EDLs for an IP?

MikeSangray2019 · ‎01-16-2020

I'm working on this as well. To be clear, this has to be enabled twice in three places. 1) the GUI URL Filtering Profile -> URL Filtering Settings (tab) 2) cli --> > configure # set deviceconfig setting ctd x-forwarded-for yes|no https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIVCA0 3) create a custom URL Category with your sites listed, apply this custom category to a URL Filtering Profile, and apply the filtering profile to the appropriate security policies This is working for me.

MikeSangray2019 · ‎01-10-2020

I am on a 3220 8.1.10 and agent version 5.0.5. Downloading the agent from the portal is very slow; usually less than 1M. Network, upload speeds, etc. checks out, so it appears to be just downloading the agent. Portal and gateway config is using loopback setup and non-standard ssl port. This can be an issue when we have remote users on poor Internet connections - the agent download doesn't always complete. My connection is 100M and agent download speeds are still <1M.

MikeSangray2019 · ‎01-02-2020

Thanks. What kind of latency are you seeing?

Date Registered	‎10-17-2019 12:50 PM
Date Last Visited	3 weeks ago
Total Messages Posted	39

Online Status	Offline
Date Last Visited	3 weeks ago

About MikeSangray2019

Re: Syslog Custom Format for Splunk

Re: Syslog Custom Format for Splunk

Re: HA Configuration on PA-3220 - HA1 is UP but HA1 Backup is Down

Re: Logging to Panorama and Splunk

Logging to Panorama and Splunk

Re: DHCP client identifier 61 return VLAN id

DHCP client identifier 61 return VLAN id

Re: Syslog Custom Format for Splunk

Re: Syslog Custom Format for Splunk

Re: AE Interface State when Connected to Switch LAG

AE Interface State when Connected to Switch LAG

Re: Syslog Custom Format for Splunk

Syslog Custom Format for Splunk

Re: Syslog Custom Log Format

Syslog Custom Log Format

Re: Search EDLs

Search EDLs

Re: Reverse Proxy and X-forwarded-for

GlobalProtect agent download speed very slow

Re: Dealing with a Google Cloud VPN and setting MTU

Network Security

Cloud Security

Security Operations

About MikeSangray2019