This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

About kadak

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
kadak
‎03-08-2024
since ‎11-07-2011
L5 Sessionator
User Activity
User Profile
Latest posts by kadak
View All
My Liked Posts
View All
User Badges
Community Statistics
Member Since ‎11-07-2011 07:38 AM
Date Last Visited ‎03-08-2024 01:53 PM
Posts 259
Total Likes Received 129

Re: How to solve overlaping IP addresses for configuration with Shared Gateway and multiple Virtual Systems

by in General Topics
‎09-25-2013 08:41 AM
1 Kudo
‎09-25-2013 08:41 AM
1 Kudo
Hello Pawel, Yes. Multiple VR with multiple VSYS is the way to go. I was able successfully commit the following configuration: And was NOT able to commit this configuration: So, if you configure different VSYS with different VR, you should be able to configure different interfaces with overlapping subnets. Hope that helps! Regards, Kunal Adak ... View more

Re: PA-2050

by in General Topics
‎09-25-2013 06:22 AM
‎09-25-2013 06:22 AM
Hello Ron, For a PA-2050, 1000 SSLVPN/GlobalProtect Users are supported simultaneously. I hope the above information was helpful for you. Regards, Kunal Adak ... View more

Re: DNS Proxy Errors

by in General Topics
‎09-24-2013 12:19 PM
‎09-24-2013 12:19 PM
Hello Mario, Thank you for providing the details regarding dnsproxyd. This issue could be related to bursty DNS response received from the server, which would clog the buffer space available for DNS. This calls for a live troubleshooting session and in-depth tech support analysis - to see if a high rate would cause buffer depletion leading to dropped packets from the server side.  I was able to look up couple of similar existing cases which are still being investigated. At this point, opening a case through support portal would be the best way to tackle your issue. Regards, Kunal Adak ... View more

Re: DNS Proxy Errors

by in General Topics
‎09-24-2013 08:55 AM
‎09-24-2013 08:55 AM
Hello Mario, Could you please attach the output for the following command in a notepad file: > tail lines 1000 mp-log dnsproxyd.log > debug dnsproxyd show connections Hopefully, dnsproxyd.log gives us some valuable information about those failed resolutions. Regards, Kunal Adak. ... View more

Re: Unable to block port scanning even after enabling "zone protection profile".

by in General Topics
‎09-24-2013 07:38 AM
1 Kudo
‎09-24-2013 07:38 AM
1 Kudo
Hello Guruaj, The configuration for the zone protection does look right. There are couple of ways to see if the zone protection profile was triggered or not. Could you please provide me the output for the following commands while you are doing those scans: > show zone-protection zone <zone name> > show counter global | match dos Since we are testing anyways, we can try to change the action for those scans to alert and see if that makes any difference in populating threat logs. Regards, Kunal Adak ... View more

Re: Wildfire API

by in General Topics
‎09-24-2013 06:57 AM
‎09-24-2013 06:57 AM
Hello Edwin,   Three variables are passable in a GET request to the Wildfire API  - apikey,device_id and report_id.   The following request should return a XML containing the information from the the Wildfire report including the sha256 of the file: https://wildfire.paloaltonetworks.com/publicapi/report?apikey=<YOUR-API-KEY>&device_id=<YOUR-DEVICE-SERIAL>&report_id=<YOUR-REPORT-ID>   Also, you can use curl to get a report: curl -i -d apikey=<YOUR-API-KEY -d device_id=<YOUR-DEVICE-SERIAL> -d report_id=<YOUR-REPORT-ID> https://wildfire.paloaltonetworks.com/publicapi/report    Here is a good link for Wildfire's API guide. https://www.paloaltonetworks.com/documentation/wildfire-portal-api-doc.html     Please let me know if the above suggestions were helped you!   Regards, Kunal Adak           ... View more

Re: DNS service route doesn't work ?

by in General Topics
‎09-24-2013 06:40 AM
‎09-24-2013 06:40 AM
Hello Pawel, Are you able to ping the DNS servers from the Palo Alto firewall? So, if you are using an interface other than the management interface (example Ethernet1/2), are you able to ping from Ethernet1/2's ip address to the DNS server? OR, if you are using default configuration (i.e management interface), can you ping from the management interface to the DNS servers? Also, the DNS servers configured under Device> Setup > Services - are those internal or external? Regards, Kunal Adak ... View more

Re: tcpdump: no such file or directory

by in Automation/API Discussions
‎09-24-2013 06:20 AM
‎09-24-2013 06:20 AM
Hello ppater, I see the packets getting captured for receive, firewall and transmit stage.  Could you please perform the following steps and let us if it helped: 1.) Clear packet filter logs debug dataplane packet-diag clear all 2.) Delete any remaining files > delete debug-filter file * 3.) Restart vardata-receiver process. FYI, this restart of this process will be non-intrusive. > debug software restart vardata-receiver 4.) Set filter and capture and test. Regards, Kunal Adak ... View more

Re: Traffic Filter by Address Groups

by in General Topics
‎09-23-2013 10:44 AM
2 Kudos
‎09-23-2013 10:44 AM
2 Kudos
Hello Amy, Currently we do not have the functionality of filtering logs by address group objects. However, we do have a feature request submitted for it and to be included in the future releases ,your our account's SE can vote for it. Feature request(FR) ID : 130 Regards, Kunal Adak. ... View more

Re: custom report

by in Automation/API Discussions
‎09-23-2013 06:24 AM
‎09-23-2013 06:24 AM
Hello ict-support, There are couple of ways to approach this -- 1.) Create a custom report for that user and select the appropriate database for that user- Application/Threat/ Traffic (Summary/Detailed). The source user needs to be added as (user.src eq 'testdomain\testuser'). Below is a sample screenshot: OR 2.) You can create user activity reports under Monitor>PDF report > User Activity report Please let us know if our above suggestions helped you. Regards, Kunal Adak ... View more

Re: NAT Help - Reaching DMZ Server via NAT

by in General Topics
‎09-20-2013 12:48 PM
‎09-20-2013 12:48 PM
Hello John: The only route you require is on upstream router. The upstream router should know that if a packet comes in destined for 1.1.1.171, it should forward it to PAN's 1/1, since 1.1.1.171 comes under 1.1.1.160/28's umbrella. I would look for any sessions/traffic logs on the PAN sourcing from that outside client hitting 1.1.1.171. For example: Server (10.10.100.10)  ---- PAN ---- ISP-----  PC (1.1.1.1) > show session all filter source 1.1.1.1  If you don't see any sessions from 1.1.1.1, its very likely that there could be some routing issues on the ISP/upstream side. Also, you can verify through your traffic logs. You can use the following filter : ( addr.src in 1.1.1.1 ) One thing I noticed now in your first comment is that you said - "Internally, I can ping 1.1.1.171"..... Does that mean even the local LAN subnets are accessing that web-server using public ip address? If that is the case, we are dealing with a U-Turn NAT situation here! Regards, Kunal Adak ... View more

Re: NAT Help - Reaching DMZ Server via NAT

by in General Topics
‎09-20-2013 09:47 AM
‎09-20-2013 09:47 AM
You can also refer to page -16 of the following document. It explains you with an example of how DMZ servers are access from the outside. https://live.paloaltonetworks.com/docs/DOC-1517 Regards, Kunal Adak ... View more

Re: NAT Help - Reaching DMZ Server via NAT

by in General Topics
‎09-20-2013 09:45 AM
1 Kudo
‎09-20-2013 09:45 AM
1 Kudo
Hello John, In your D-NAT rule: Source Zone : TW Internet Destination Zone should also be : TW Internet Destination Address:1.1.1.71 Destination Translation should be : 10.10.100.10 Your security rule: Source Zone : Tw Internet Destination Zone : DMA zone where the server actually lies Destination IP :  1.1.1.171 Let us know if it worked for you. Regards, Kunal Adak ... View more

Re: Has anyone successfully made 'scribd' ReadOnly Access?

by in General Topics
‎09-18-2013 10:31 AM
‎09-18-2013 10:31 AM
Hello Art, I was able access scribd.com but not able to upload any files by blocking 'scribd-uploading' application only. Here is how my security policies looked: Also, I am seeing allowed sessions for 'scribd-base' application and discarded sessions for 'scribd-uploading' application admin@PA-500> show session all filter application scribd-uploading -------------------------------------------------------------------------------- ID      Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port]) Vsys                                      Dst[Dport]/Zone (translated IP[Port]) -------------------------------------------------------------------------------- 19704   scribd-uploading DISCARD FLOW  NS   192.168.50.105[11583]/trust-L3/6  (10.66.24.50[60799]) vsys1                                     50.97.140.66[80]/untrust-L3  (50.97.140.66[80]) 19702   scribd-uploading DISCARD FLOW  NS   192.168.50.105[11581]/trust-L3/6  (10.66.24.50[40027]) vsys1                                     50.97.140.66[80]/untrust-L3  (50.97.140.66[80]) 19700   scribd-uploading DISCARD FLOW  NS   192.168.50.105[11579]/trust-L3/6  (10.66.24.50[6287]) vsys1                                     50.97.140.66[80]/untrust-L3  (50.97.140.66[80]) 19898   scribd-uploading DISCARD FLOW  NS   192.168.50.105[11728]/trust-L3/6  (10.66.24.50[65050]) vsys1                                     50.97.140.66[80]/untrust-L3  (50.97.140.66[80]) 19858   scribd-uploading DISCARD FLOW  NS   192.168.50.105[11696]/trust-L3/6  (10.66.24.50[39950]) vsys1                                     50.97.140.66[80]/untrust-L3  (50.97.140.66[80]) 19701   scribd-uploading DISCARD FLOW  NS   192.168.50.105[11580]/trust-L3/6  (10.66.24.50[37286]) vsys1                                     50.97.140.66[80]/untrust-L3  (50.97.140.66[80]) admin@PA-500> show session all filter application scribd Unrecognized application admin@PA-500> show session all filter application scribd-base -------------------------------------------------------------------------------- ID      Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port]) Vsys                                      Dst[Dport]/Zone (translated IP[Port]) -------------------------------------------------------------------------------- 19740   scribd-base    ACTIVE  FLOW  NS   192.168.50.105[11613]/trust-L3/6  (10.66.24.50[13139]) vsys1                                     50.97.140.66[443]/untrust-L3  (50.97.140.66[443]) 19918   scribd-base    ACTIVE  FLOW  NS   192.168.50.105[11735]/trust-L3/6  (10.66.24.50[7920]) vsys1                                     173.192.64.45[80]/untrust-L3  (173.192.64.45[80]) 19685   scribd-base    ACTIVE  FLOW  NS   192.168.50.105[11573]/trust-L3/6  (10.66.24.50[60986]) vsys1                                     173.192.64.45[80]/untrust-L3  (173.192.64.45[80]) 19691   scribd-base    ACTIVE  FLOW  NS   192.168.50.105[11574]/trust-L3/6  (10.66.24.50[31546]) vsys1                                     173.192.64.45[80]/untrust-L3  (173.192.64.45[80]) 19819   scribd-base    ACTIVE  FLOW  NS   192.168.50.105[11668]/trust-L3/6  (10.66.24.50[4729]) vsys1                                     174.35.35.7[80]/untrust-L3  (174.35.35.7[80]) 19738   scribd-base    ACTIVE  FLOW  NS   192.168.50.105[11611]/trust-L3/6  (10.66.24.50[27250]) vsys1                                     50.97.140.66[443]/untrust-L3  (50.97.140.66[443]) 19897   scribd-base    ACTIVE  FLOW  NS   192.168.50.105[11727]/trust-L3/6  (10.66.24.50[18451]) vsys1                                     50.97.140.66[80]/untrust-L3  (50.97.140.66[80]) 19739   scribd-base    ACTIVE  FLOW  NS   192.168.50.105[11612]/trust-L3/6  (10.66.24.50[50257]) vsys1                                     50.97.140.66[443]/untrust-L3  (50.97.140.66[443]) 19735   scribd-base    ACTIVE  FLOW  NS   192.168.50.105[11610]/trust-L3/6  (10.66.24.50[11955]) vsys1                                     173.192.64.45[80]/untrust-L3  (173.192.64.45[80]) admin@PA-500> The 'scribd-uploading' application is working as intended. Regards, Kunal Adak ... View more

Re: Migrating configuration from Panorama VM to a M-100

by in General Topics
‎09-18-2013 09:55 AM
1 Kudo
‎09-18-2013 09:55 AM
1 Kudo
Hello , Please refer to the following document from Page 38-44 for migrating from Panorama VM to M100: Panorama Administrator's Guide 5.1 Regards, Kunal Adak ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎03-08-2024 01:53 PM
Latest Tags
No tags yet
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks