About KiCheon.Lee

KiCheon.Lee · ‎11-12-2013

Hello Adak, Thanks for your answer. I have a more detail question. I use wildfire configuration that action for all files is forward. Are all files(ppt , jpg etc..) forwarded from data-plane to management-plane? If it is true, I think management-plane buffer allocated wildfire will be very hard. If buffer will be overflow what value on 'show wildfire statistics' will be increased?? I read manual that if buffer will be overflow cancel_disk_io_fail on 'show wildfire statistics' will be increased. But I have found it on this cli output. Thanks.

KiCheon.Lee · ‎11-10-2013

Hello. I am seeing data-filtering logs for wildfire and have found some logs. It is pdf file log that action is forward. Wildfire configuration is any application and action forward. But PDF is not PE file. I don't understand Why pdf file action is forward. forward Data plan detected a PE file on a WildFire-enabled policy. The PE file is buffered in management plane. At this point, if you only see "forward" for a specific file, then that means it is either signed by a trusted file signer, or it is a benign sample that the cloud has already seen. In either case, no further action is performed on the file, and no further information is sent to the cloud (not even session information is sent for previously seen benign files). This means that you will not see an entry in the WildFire web portal for these files. I think reason that the data plan detected any file on a wildfre-enabled policy and the any file is buffered in management plan because wildfire configuration is any file. Right? I know only PE file was forward when wildfire configuration is any file. Thanks.

KiCheon.Lee · ‎11-03-2013

Hi Thanks for the answer. If I don't make QoS configuration, FW will be performed tail dropping on congestion management. And if I make QoS Configuration, FW will be performed WRED on congestion management. Right??

KiCheon.Lee · ‎11-01-2013

Hello I have made qos configuration. I have questions when am checking qos. Look at the following command show qos interface ethernet1/1 hw-counter qid name pass bytes WRED drop policing drop -------------------------------------------------------------------------------- 0 default 3408809811 0 0 -2 bypass 14803984933 584640 0 I don't know what WRED drop and policing drop mean and what two counters are difference.

KiCheon.Lee · ‎10-31-2013

Thanks for your helps, Richard.

KiCheon.Lee · ‎10-30-2013

I am helped from your information. Thanks. I have a question about it. There is a predict session in session-browser. If a packet that match the predict session is no one. and this predict session is ended by session time-out. Does FW write traffic log for this predict session or not? Regards, Cheon

KiCheon.Lee · ‎10-28-2013

Hi NGS, Did you succeed above test that import logdb from PA-2050 to other device?? I would like to know the result. Would you help me? Thanks

KiCheon.Lee · ‎10-17-2013

KiCheon.Lee · ‎10-17-2013

Hello, I have seen ez pid on cli output result of show session id xxx. What is the ez pid? Thanks

KiCheon.Lee · ‎10-17-2013

OK. Thanks.

KiCheon.Lee · ‎10-17-2013

Hi slv, Thanks for your answer. I am using 4.1.7-h2 version. Is 53938 fixed in only 5.0.8? Is there fixed version in 4.1.X? I have searched 4.1 release notes but I don't found.

KiCheon.Lee · ‎10-16-2013

Hello, My customer is installing video conference hardware. The video and voice traffics are normal from internal to external (internet). This mean is Internal user call external user. But Internal user doesn't see external user video when external user call internal user. I had checked NAT rules and security policy rules. It is no problem. So I did filtering and capturing in packet-capture. Many UDP traffics were dropped by 'forwarded to different zone' Routing configuration is no problem and PBF isn't used. And I had checked sessions on session-browser when external user call internal user. I had seen wrong sessions. There are sessions from captive-portal zone to captive-portal zone on session browser. Captive-portal isn't used and There is not captive-portal named zone in zones. I don't understand why this situation occurred. Please someone help me.

KiCheon.Lee · ‎10-07-2013

Hello Tilak, I could not downgrade GP agent on transparent mode. I had changed only two configurations. Upgrade mode was changed from prompt to transparent and global protect client on device menu downgrade low version. Thanks

KiCheon.Lee · ‎10-07-2013

I have seen capturing files after input this CLI command. Thanks.

KiCheon.Lee · ‎10-07-2013

Hello, I have issue about Global Protect. So I want to downgrade Global Protect Agent. Does Global Protect Agent downgrade automatically on transparent mode? I have tested result for one PC what doesn't downgrade automatically, right? Thanks

Member Since	‎04-29-2011 08:30 AM
Date Last Visited	‎07-20-2020 07:48 PM
Posts	195
Total Likes Received	15

Online Status	Offline
Date Last Visited	‎07-20-2020 07:48 PM

About KiCheon.Lee

Rest API about "export table" button for exporting rules"

I want to ignore to update ip-user-mapping information from other domain.

What purpose is 'parent app' when to create custom app?

HA1 interface was down during 1 second by restarting connection after heartbeat failure.

Re: About throughput performance with only url filtering

About throughput performance with only url filtering

Re: About FSCK on Panorama

Re: About FSCK on Panorama

About FSCK on Panorama

Re: What OS on windows server can PA support about global protect?

About HA1 connection down in system critical log.

Re: Can I make custom application signature for using referer of http header?

Re: What does 'devsrvr' daemon operate?

Re: Custom Button on URL Continue Response Page

How many can I create url-filtering profile on 5050?

Re: What OS on windows server can PA support about global protect?

Re: Can I make custom application signature for using referer of http header?

Re: What OS on windows server can PA support about global protect?

Re: About address and EBL limitation for maximum

Re: What does 'devsrvr' daemon operate?

Re: Why pdf file action is forward on wildfire?

Why pdf file action is forward on wildfire?

Re: What do WRED drops and Policing drop on qos mean?

What do WRED drops and Policing drop on qos mean?

Re: session browser source=0.0.0.0?

Re: session browser source=0.0.0.0?

Re: Importing Logdb into different devices

Re: What is the 'ez pid' on show session id XX output?

What is the 'ez pid' on show session id XX output?

Re: There are sessions from captive-portal zone to captive-portal zone on session browser.

Re: There are sessions from captive-portal zone to captive-portal zone on session browser.

There are sessions from captive-portal zone to captive-portal zone on session browser.

Re: Does Global Protect Agent downgrade automatically on transparent mode?

Re: FW doesn't display capturing files on packet-capture.

Does Global Protect Agent downgrade automatically on transparent mode?

Unlock your full community experience!

About KiCheon.Lee