This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About HULK

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
HULK
‎11-12-2025
since ‎02-23-2013
L7 Applicator
User Activity
User Profile
Latest posts by HULK
View All
User Badges
Community Statistics
Member Since ‎02-23-2013 04:45 PM
Date Last Visited ‎11-12-2025 02:10 PM
Posts 1,664
Total Likes Received 575

Re: PA to Cisco 5505 VPN tunnel

by in General Topics
‎06-04-2014 12:57 PM
‎06-04-2014 12:57 PM
Hello Infotech, Could you please clear the IKE and IPSec security association (SA) on both firewalls and then initiate the tunnel once again. For example, in PAN FW: clear vpn ike-sa gateway XXXXX Delete IKEv1 IKE SA: Total 1 gateways found. > clear vpn ipsec-sa tunnel XXXXXX Delete IKEv1 IPSec SA: Total 1 tunnels found. > test vpn ike-sa gateway XXXXXX Initiate IKE SA: Total 1 gateways found. 1 ike sa found. > test vpn ipsec-sa tunnel XXXXXX Initiate IPSec SA: Total 1 tunnels found. 1 ipsec sa found. Also, verify if there are any IKE session in discard state between the gateways. Thanks ... View more

Re: M100 quota command

by in General Topics
‎06-03-2014 09:08 AM
‎06-03-2014 09:08 AM
Related discussion: Re Thanks ... View more

Re: Authenticated NTP

by in General Topics
‎06-03-2014 08:21 AM
‎06-03-2014 08:21 AM
A feature request is already submitted for the same. Description: MD5 authentication for NTP FR ID: 735 I would request you to contact with your PAN SE to get the latest information. Thanks ... View more

Re: False positive detection?

by in General Topics
‎06-03-2014 12:34 AM
‎06-03-2014 12:34 AM
Hello Ray, Could you please update the link to download the file “PCCPatcher.dll”.? Thanks ... View more

Re: How to Generate a Configuration Change Report

by in General Topics
‎06-02-2014 05:10 PM
‎06-02-2014 05:10 PM
Here is the related discussion,   How to generate a configuration change report It seems the feature is available on 6.0.x. ... View more

Re: Custom format for email Alerts

by in General Topics
‎06-02-2014 09:38 AM
‎06-02-2014 09:38 AM
Related discussion: Alert Text E-mail Thanks ... View more

Re: Blocking page for https traffic

by in General Topics
‎06-02-2014 09:36 AM
1 Kudo
‎06-02-2014 09:36 AM
1 Kudo
Could you please confirm that Decryption policy is configured on the PAN FW or not, if not, then you have to configure: A certificate on the PAN Device. One of the following: A self-signed/self-generated certificate which is a CA certificate configured for Forward Trust / Forward Untrust use (as relevant to deployment requirements) Note: if using a self-signed/sef-generated certificate it will be necessary to import this certificate into the client machine's certificate store to avoid unwanted browser certificate errors An intermediate CA certificate installed on the PAN Device which was generated by an organization's internal CA also configured for Forward Trust / Forward Untrust use Even though you haven't configured a decryption policy, The PAN firewall will internally decrypt the packet to push the BLOCK page notification in front of the end user, during handshake. How to Configure the Palo Alto Networks Device to Serve a URL Response page Over an HTTPS Session without SSL Decryption But, as per my experience, you will get the best result with a decryption policy. Thanks ... View more

Re: what is SYSTEM ALERT : high : sslvpn: exiting because service missed too many heartbeats?

by in General Topics
‎06-01-2014 11:42 PM
‎06-01-2014 11:42 PM
Hello Gururaj, Are you able to connect with Global protect ...?? If not, could please try to restart the SSL VPN process and try once again. What is the current PAN OS running on your firewall..? Thanks ... View more

Re: Content-Filter and Decryption - ERR_SSL_PROTOCOL_ERROR

by in General Topics
‎06-01-2014 10:10 AM
‎06-01-2014 10:10 AM
Hello Phil, Please find below doc for the same: Packet Capture, Debug Flow-basic and Counter Commands Thanks ... View more

Re: Content-Filter and Decryption - ERR_SSL_PROTOCOL_ERROR

by in General Topics
‎05-31-2014 09:49 AM
‎05-31-2014 09:49 AM
Hello Phil, Could you please take a TCP FLOW_BASIC, CTD  to get some more details information. Thanks ... View more

Re: Content-Filter and Decryption - ERR_SSL_PROTOCOL_ERROR

by in General Topics
‎05-31-2014 06:54 AM
‎05-31-2014 06:54 AM
FYI: Google Chrome: In order to enable TLS 1.0 in Chrome do the following: 1. Click the wrench icon: 2. Choose Options 3. Select "Under the Hood" Tab 4. Click Change proxy settings 5. Select "Advanced" Tab 6. Scroll down and check TLS 1.0 7. Close and restart all open browsers. Thanks ... View more

Re: Content-Filter and Decryption - ERR_SSL_PROTOCOL_ERROR

by in General Topics
‎05-31-2014 06:53 AM
‎05-31-2014 06:53 AM
Hello Pstriker, Could you please verify, what version of TLS you are getting during SSL handshake. The SSL versions supported by PAN-OS 5.0.x are: SSLv3, TLS1.0, and TLS1.1. If you are getting a connection on TLS version 1.2, you can change the browser settings to use a lower TLS version and let us know the result. Also make sure, below mentioned settings is unchecked if you have a "decryption profile" configured on your firewall during the test. SSL Decrypt Thanks ... View more

Re: Alerts to a new release of PAN-OS

by in General Topics
‎05-30-2014 02:31 PM
‎05-30-2014 02:31 PM
Hello Bango, There is an alternative way to get community digest summary report, which will include the information about the new PAN OS release. Email Notifications for Followed Activities Software Release Notices: PAN-OS 6.0.x Software Release Notices: PAN-OS 5.0.x Software Release Notices: Panorama Hope this helps. Thanks ... View more

Re: Tunnel flow

by in General Topics
‎05-30-2014 01:54 PM
‎05-30-2014 01:54 PM
Hello Infotech, As i mentioned before, there will be only a pair of keys for encryption and decryption. local spi:              9AC6CEDC  >>>>>>>>>>>> It will be used for encrypting traffic going into the tunnel. remote spi:             DF67E405   >>>>>>>>>>> It will be used for decrypting traffic coming through the tunnel from other end FW So, there is no specific way to track bidirectional flow through the VPN (0.0.0.0/0 proxy ID---- eventually it will pass all traffic through tunnel) . But, if you configure a specific PROXY-ID, for example SRC-1.1.1.1/32 and DST-2.2.2.2/32 and then you may  monitor the encap packets/decap packets counter to know whether PAN is receiving or sending as well . ( Bidirectional flow). Thanks ... View more

Re: Tunnel flow

by in General Topics
‎05-30-2014 01:25 PM
1 Kudo
‎05-30-2014 01:25 PM
1 Kudo
Hello Infotech, The SPI (security parameter Index) value will be same for a specific Proxy-ID. Hence there will be a pair of keys for encryption and decryption.  You will be able to see encap/decap or incoming byte/outgoing bytes from tunnel point of view. > show vpn flow tunnel-id XX --- Thanks ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎11-12-2025 02:10 PM
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks