About HULK

Hi, What happens when the PA-500 encounters a frame size over 1500 MTU, does is just pass it through without inspection (hence the speed increase)? Ans:- No, it should  fragment the packet into a smaller size as per the MTU of  that link. Thanks Subhankar ... View more

Hi Alain, Please find below mentioned discussion, hope it will help you for the 1st Qn. https://live.paloaltonetworks.com/docs/DOC-2208#comment-4467 Thanks subhankar ... View more

Hi, Could you please verify the category from below mentioned link. http://www.brightcoud.com/support/lookip.php Also check the traffic logs ( click into the magnifying glass symbol of the dropped traffic)  for more details. Thanks Subhankar ... View more

Hi, Could you please provide below mentioned information. admin@PA-500> show running resource-monitor   >>>>>>>>>>>>>>> current as well as previous CPU history admin@PA-500> debug dataplane pool statistics >>>>>>>>>>>>>> available/Utilize pools admin@PA-500> show running logging  >>>>>>>>>>>>>>>>> logging rate of this firewall admin@PA-500>show counter global filter delta yes packet-filter yes >>>>>>>>>>>>>>>> apply this command and verify below mentioned parameter If any of them is high. Packet rate IP TTL ZIP processing Logging rate Packets queued for FPGA Thanks Subhankar ... View more

Hi, If you reserve an IP address for a particular MAC address, it means as long as the host ( MAC you have reserved)  is active in the network, the PA firewall will always assign the same IP address to that host ( static binding). So, the last 2 column ( duration and lease time)  will be invalid in this case. That is the reason, in case of static binding, PA firewall is not showing duration and lease time info here. Thanks Subhankar ... View more

Hi, Sorry, i could not understand the issue at first point. Now I have checked few of our PAN-OS versions ( including the latest one)  and could not find the option to add a label for "reserved address". Thanks Subhankar ... View more

Hi, Could you please confirm if you are hitting below mentioned Bug on PAN-OS 5.0.5 47237—When mapping an IP address to a MAC address for DHCP reservation, the  firewall would not normalize the upper case and lower case letters entered for the MAC address format. So, the MAC address aa:aa:aa:aa:aa:aa and aa:aa:aa:aa:aa:AA were each  regarded as unique MAC addresses. This issue caused errors and misconfiguration when  more than one IP address was reserved for the same MAC address. Thanks Subhankar ... View more

Hi, Normally, when traffic enters the firewall, the ingress interface virtual router dictates the route that determines the outgoing interface and destination security zone based on destination IP address. With policy-based forwarding (PBF), you can specify other information to determine the outgoing interface, including source and destination IP addresses, source and destination ports, and user ID. But, in your case, once you will deploy virtual wire into PA firewall, there are no more routing involves into it. In virtual mode PA firewall acts as a "transparent device" and can not implement PBF into it. Thanks Subhankar ... View more

Hi, Please find below mentioned document, hope it will help you. Thanks Gantait ... View more

Hi, Could you please make the PA firewall as initiator which is behind the dynamic public IP address. Also set the IKE negotiation in aggressive mode.  Since we don't have any address to use to contact the peer ( to the dynamic side). . Also set the IKE gateway "Peer type" as dynamic with a suitable  local and peer identification ( FQDN, IP address, email Address). Thanks Gantait ... View more

Hi, You will be able to achieve the same through PBF ( Policy based forwarding), but keep in mind as PBF decision has been taken by PBF "RULE" configured on the PA firewall, not by routing. So PBF rule can replace the routing as  it is not session based. Please make sure incoming/outgoing traffic passing through the same ISP link. It will help you to avoid asymmetric-routing. Thanks Subhankar ... View more

Let me check the same into my Lab and accordingly will update you. Thanks Gantait ... View more

Hi, If RPM is the only concern, then it is fine. But if the fan is making noise then it might be a different issue. Ideally, during initial boot-up process the fan will rotate at a high speed and after some time it comes to a normal state ( after completing the bootup process). Thanks Gantait ... View more

HI, Yes, it looks like normal. I have taken an o/p from the same platform as mentioned below. admin@32-PA-3050> show system environmentals ----Thermal---- Slot   Description                         Alarm      Degrees C S1    Temperature @ Ocelot                False      27.30 S1    Temperature @ Switch                False      29.50 S1    Temperature @ Cavium                False      33.50 S1    Temperature @ Intel PHY             False      27.30 ----Fans---- Slot   Description                         Alarm      RPMs S1    Fan #1 RPM                          False      14466 >>>>>>>>>>>>>>>>>>>>>> S1    Fan #2 RPM                          False      13775 >>>>>>>>>>>>>>>>>>>>>> S1    Fan #3 RPM                          False      14160 >>>>>>>>>>>>>>>>>>>>>> S1    Fan #4 RPM                          False      14321 >>>>>>>>>>>>>>>>>>>>>> ----Power---- Slot   Description                         Alarm      Volts S1    1.0V Power Rail                     False      0.99 S1    1.0V Cav Power Rail                 False      1.00 S1    1.2V Power Rail                     False      1.21 S1    1.8V Power Rail                     False      1.79 S1    2.5V Power Rail                     False      2.47 S1    3.3V Power Rail                     False      3.32 S1    5.0V Power Rail                     False      5.11 S1    1.5V Power Rail                     False      1.50 S1    1.1V Power Rail                     False      1.10 S1    3.3V_SD Power Rail                  False      3.34 Thanks Gantait ... View more