About Gururaj

Gururaj · ‎10-16-2013

Hi All, What is Pre rules and Post rules in Panorama? what is the use of these rules? Regards, Gururaj

Gururaj · ‎10-16-2013

Thanks Aditi/Klaus Its worked, but only in the url filtering log it is showing x-forwarded IP ( below snap shows the same). Is it possible to get the same information for traffic, threats and datafiltering logs? In the username field it is showing X-forwarded IP not user name, but In the user id agent 192.168.29.118 ip has mapped to name "gururaj". I have configured LDAP in PaloAlto. Regards, Gururaj

Gururaj · ‎10-14-2013

Hi All, How SSH decryption works? what all the prerequisites? kindly provide example,.. Regards, Gururaj

Gururaj · ‎10-10-2013

Hi All, In our network scenario we have the Bluecoat proxy before PaloAlto, as all the users are authenticated to proxy ( in which we have user based policies) we are able to see only proxy IP address in logs and because of this we are not able to do user identification and control the traffic based on user. But in our proxy we have the option to forward client IP and user name along with the HTTP header. Is it possible for PaloAlto to read these information from HTTP header? using this information is it possible to define user based policies and see the original client IP in logs (instead of proxy IP) along with the associated user name? Regards, Gururaj

Gururaj · ‎10-10-2013

Hi All, is it possible to exclude traffic and threat log from exporting to syslog server ? Just i want to forward only system and configuration logs to syslog server instead of sending all the logs. Thank you Gururaj

Gururaj · ‎09-26-2013

Hi All, How to control botnet ? Regards, Gururaj

Gururaj · ‎09-24-2013

Hi All,. Is Traffic Pattern / behavior based detection is possible in PaloAlto as in the Cisco,. In Cisco it works as fallows,.if we have enabled traffic sensor for particular time period it will calculate the percentage of traffic based on protocols as shown below HTTP - 30% FTP - 20% HTTPS- 50% and this information will be used in future traffic analysis, for eg : If HTTP traffic goes above or below the 30% then it send alerts to administrator and same for the FTP (above or below 20% and HTTPS 50%). Regards, Gururaj

Gururaj · ‎09-24-2013

Hi All,.. Is there any way to schedule exporting whole logdb to SCP server? As in the GUI it shows different logs type as shown below,. If we have scheduled to export url logs to SCP server,.then is it not possible to import that particular logs back to PaloAlto device a for analyzing? Regards, Gururaj

Gururaj · ‎09-24-2013

Hi All,. kindly provide the information about SNMP MIB's to monitor CPU utilization, Device temerature, Interface status etc,..And what all the information can be monitored using SNMP? Regards, Gururaj

Gururaj · ‎09-24-2013

Hi All, How to block port scanning? I tried by defining the "zone protection profile" and using it in "zone" with below settings and used "tenable Nessus" tool to perform port scanning and it was successful,. It is not getting blocked,.. please any one can guide me? No thread logs were found, Any further settings required? Regards, Gururaj

Gururaj · ‎09-24-2013

Hi All, Is there any way to pull the logs back ( From ftp,SCP or Syslog servers)to PaloAlto device for further process? Regards, Gururaj

Gururaj · ‎09-23-2013

Hi All, Internet browsing is slow through PA 2050 with PAN OS 5.0.4 , below are the some outputs from CLI. Can any one analyze the outputs given below tell me the root cause for slowness? Decryption is not enabled. admin@PA-2050> show session info -------------------------------------------------------------------------------- Number of sessions supported: 262138 Number of active sessions: 17814 Number of active TCP sessions: 8060 Number of active UDP sessions: 9752 Number of active ICMP sessions: 2 Number of active BCAST sessions: 0 Number of active MCAST sessions: 0 Number of active predict sessions: 736 Session table utilization: 6% Number of sessions created since bootup: 55751055 Packet rate: 1792/s Throughput: 6625 kbps New connection establish rate: 112 cps -------------------------------------------------------------------------------- Session timeout TCP default timeout: 3600 secs TCP session timeout before SYN-ACK received: 5 secs TCP session timeout before 3-way handshaking: 10 secs TCP session timeout after FIN/RST: 30 secs UDP default timeout: 30 secs ICMP default timeout: 6 secs other IP default timeout: 30 secs Captive Portal session timeout: 30 secs Session timeout in discard state: TCP: 90 secs, UDP: 60 secs, other IP protocols: 60 secs -------------------------------------------------------------------------------- Session accelerated aging: True Accelerated aging threshold: 80% of utilization Scaling factor: 2 X -------------------------------------------------------------------------------- Session setup TCP - reject non-SYN first packet: True Hardware session offloading: True IPv6 firewalling: True -------------------------------------------------------------------------------- Application trickling scan parameters: Timeout to determine application trickling: 10 secs Resource utilization threshold to start scan: 80% Scan scaling factor over regular aging: 8 -------------------------------------------------------------------------------- Session behavior when resource limit is reached: drop -------------------------------------------------------------------------------- admin@PA-2050> show system info hostname: PA-2050 ip-address: 172.27.0.37 netmask: 255.255.255.0 default-gateway: 172.27.0.254 ipv6-address: ipv6-link-local-address: fe80::21b:17ff:fe66:f800/64 ipv6-default-gateway: mac-address: 00:1b:17:66:f8:00 time: Mon Sep 23 14:07:48 2013 uptime: 18 days, 4:15:35 family: 2000 model: PA-2050 serial: 0003C105539 sw-version: 5.0.4 global-protect-client-package-version: 0.0.0 app-version: 388-1898 app-release-date: 2013/08/13 15:11:35 av-version: 1093-1524 av-release-date: 2013/09/03 06:55:02 threat-version: 388-1898 threat-release-date: 2013/08/13 15:11:35 wildfire-version: 0 wildfire-release-date: unknown url-filtering-version: 4171 global-protect-datafile-version: 0 global-protect-datafile-release-date: unknown logdb-version: 5.0.2 platform-family: 2000 logger_mode: False vpn-disable-mode: off operational-mode: normal multi-vsys: off admin@PA-2050> show management-clients | Pipe through a command <Enter> Finish input admin@PA-2050> show management-clients Client PRI State Progress ------------------------------------------------------------------------- routed 30 P2-ok 100 ha_agent 25 P2-ok 100 device 20 P2-ok 100 ikemgr 10 P2-ok 100 keymgr 10 init 0 (op cmds only) logrcvr 10 P2-ok 100 dhcpd 10 P2-ok 100 varrcvr 10 P2-ok 100 l3svc 10 P2-ok 100 sslvpn 10 P2-ok 100 rasmgr 10 P2-ok 100 useridd 10 P2-ok 100 satd 10 P2-ok 100 websrvr 10 P2-ok 100 sslmgr 10 P2-ok 100 authd 10 P2-ok 100 pppoed 10 P2-ok 100 dnsproxyd 10 P2-ok 100 cryptod 10 P2-ok 100 dagger 10 init 0 (op cmds only) Overall status: P2-ok. Progress: 0 Warnings: Errors: device: VSYS1 device: Security Policy: device: - Rule 'Router_Firewaal_network' shadows rule 'Network' device: - Rule 'RPVN1' shadows rule 'RPVN-K1' device: - Rule 'RPVN' shadows rule 'B1_US' device: - Rule 'RPVN' shadows rule 'B1_K1' device: (Module: device) admin@PA-2050> show system resources top - 10:58:46 up 18 days, 16:25, 1 user, load average: 0.59, 0.50, 0.34 Tasks: 96 total, 1 running, 95 sleeping, 0 stopped, 0 zombie Cpu(s): 1.9%us, 0.9%sy, 1.3%ni, 95.4%id, 0.3%wa, 0.0%hi, 0.2%si, 0.0%st Mem: 995872k total, 804588k used, 191284k free, 2960k buffers Swap: 2212876k total, 380464k used, 1832412k free, 186264k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 30540 20 0 4468 1020 800 R 4 0.1 0:00.06 top 1 20 0 1836 608 580 S 0 0.1 0:02.77 init 2 20 0 0 0 0 S 0 0.0 0:00.00 kthreadd 3 RT 0 0 0 0 S 0 0.0 0:01.58 migration/0 4 20 0 0 0 0 S 0 0.0 0:00.06 ksoftirqd/0 5 RT 0 0 0 0 S 0 0.0 0:03.33 migration/1 6 20 0 0 0 0 S 0 0.0 0:00.01 ksoftirqd/1 7 20 0 0 0 0 S 0 0.0 0:03.02 events/0 8 20 0 0 0 0 S 0 0.0 0:00.15 events/1 9 20 0 0 0 0 S 0 0.0 0:00.05 khelper 12 20 0 0 0 0 S 0 0.0 0:00.00 async/mgr 112 20 0 0 0 0 S 0 0.0 0:00.00 sync_supers 114 20 0 0 0 0 S 0 0.0 0:00.00 bdi-default 115 20 0 0 0 0 S 0 0.0 0:03.82 kblockd/0 116 20 0 0 0 0 S 0 0.0 0:01.63 kblockd/1 125 20 0 0 0 0 S 0 0.0 0:00.00 ata/0 126 20 0 0 0 0 S 0 0.0 0:00.00 ata/1 127 20 0 0 0 0 S 0 0.0 0:00.00 ata_aux 132 20 0 0 0 0 S 0 0.0 0:00.00 khubd 135 20 0 0 0 0 S 0 0.0 0:00.00 kseriod 154 20 0 0 0 0 S 0 0.0 0:00.00 rpciod/0 155 20 0 0 0 0 S 0 0.0 0:00.00 rpciod/1 167 20 0 0 0 0 D 0 0.0 3:00.72 kswapd0 168 20 0 0 0 0 S 0 0.0 0:00.00 aio/0 169 20 0 0 0 0 S 0 0.0 0:00.00 aio/1 170 20 0 0 0 0 S 0 0.0 0:00.00 nfsiod 725 20 0 0 0 0 S 0 0.0 0:00.09 octeon-ethernet 743 20 0 0 0 0 S 0 0.0 0:00.01 scsi_eh_0 745 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_1 752 20 0 0 0 0 S 0 0.0 0:00.43 mtdblockd 776 20 0 0 0 0 S 0 0.0 0:00.00 usbhid_resumer 815 20 0 0 0 0 S 0 0.0 0:37.99 kjournald 837 20 0 0 0 0 S 0 0.0 1:12.39 flush-8:0 869 16 -4 1996 392 388 S 0 0.0 0:01.27 udevd 1698 20 0 0 0 0 S 0 0.0 0:00.67 kjournald 1699 20 0 0 0 0 S 0 0.0 0:00.00 kjournald 1871 20 0 2008 696 628 S 0 0.1 0:00.94 syslogd 1874 20 0 1892 408 376 S 0 0.0 0:00.07 klogd 1883 20 0 1872 332 236 S 0 0.0 0:00.21 irqbalance 1891 rpc 20 0 2084 492 488 S 0 0.0 0:00.01 portmap 1909 20 0 2116 696 692 S 0 0.1 0:00.04 rpc.statd 1978 20 0 6868 612 536 S 0 0.1 0:00.02 sshd 2021 20 0 6804 448 444 S 0 0.0 0:00.00 sshd 2030 20 0 3280 644 640 S 0 0.1 0:00.02 xinetd 2049 20 0 0 0 0 S 0 0.0 0:00.00 lockd 2050 20 0 0 0 0 S 0 0.0 2:00.22 nfsd 2051 20 0 0 0 0 S 0 0.0 1:53.70 nfsd 2052 20 0 0 0 0 S 0 0.0 1:53.37 nfsd 2053 20 0 0 0 0 S 0 0.0 2:03.91 nfsd 2054 20 0 0 0 0 S 0 0.0 2:02.30 nfsd 2055 20 0 0 0 0 S 0 0.0 2:02.04 nfsd 2056 20 0 0 0 0 S 0 0.0 1:53.84 nfsd 2057 20 0 0 0 0 S 0 0.0 2:14.70 nfsd 2060 20 0 2360 708 608 S 0 0.1 0:04.28 rpc.mountd 2090 0 -20 63872 4516 1996 S 0 0.5 67:26.50 masterd_core 2093 20 0 1824 448 444 S 0 0.0 0:00.01 agetty 2100 0 -20 27864 1504 1132 S 0 0.2 7:46.28 masterd_manager 2107 15 -5 36692 1904 1188 S 0 0.2 312:05.11 sysd 2109 0 -20 32356 5108 1152 S 0 0.5 94:57.70 masterd_manager 2115 20 0 92196 3556 1944 S 0 0.4 0:03.89 dagger 2116 30 10 39624 3684 1748 S 0 0.4 71:27.91 python 2117 20 0 78584 2396 1448 S 0 0.2 0:02.73 cryptod 2118 20 0 165m 1812 1284 S 0 0.2 11:36.90 sysdagent 2134 20 0 71580 1140 1000 S 0 0.1 2:25.60 brdagent 2135 20 0 31780 1240 1056 S 0 0.1 3:26.37 ehmon 2136 20 0 47436 1244 1096 S 0 0.1 0:05.63 chasd 2137 20 0 7212 916 916 S 0 0.1 0:00.13 tscat 2216 20 0 0 0 0 S 0 0.0 0:30.19 kjournald 2250 20 0 2896 656 600 S 0 0.1 0:00.64 crond 2259 20 0 513m 188m 4556 S 0 19.4 64:38.01 mgmtsrvr 2262 20 0 193m 74m 63m S 0 7.6 43:02.56 useridd 2278 20 0 207m 37m 7872 S 0 3.8 15:19.25 devsrvr 2293 nobody 20 0 116m 3784 1764 S 0 0.4 1:52.76 appweb3 2295 nobody 20 0 216m 42m 5304 S 0 4.4 155:10.11 appweb3 2296 20 0 90704 1648 1284 S 0 0.2 0:01.66 ikemgr 2297 20 0 347m 107m 3476 S 0 11.0 250:43.63 logrcvr 2298 20 0 99504 1892 1528 S 0 0.2 0:02.02 rasmgr 2299 20 0 97728 1264 1088 S 0 0.1 0:00.65 keymgr 2300 20 0 247m 2596 1624 S 0 0.3 16:07.97 varrcvr 2301 17 -3 56384 1572 1200 S 0 0.2 2:03.23 ha_agent 2302 20 0 111m 5392 1416 S 0 0.5 0:09.50 satd 2303 20 0 101m 1788 1328 S 0 0.2 0:01.75 sslmgr 2304 20 0 57244 1704 1280 S 0 0.2 0:01.37 dhcpd 2305 20 0 74792 2048 1324 S 0 0.2 0:01.54 dnsproxyd 2307 20 0 74456 1536 1268 S 0 0.2 0:01.66 pppoed 2308 20 0 141m 3592 1932 S 0 0.4 1:54.42 routed 2309 20 0 129m 4248 3384 S 0 0.4 0:05.89 authd 2313 20 0 27128 1396 1204 S 0 0.1 0:01.17 snmpd 2325 nobody 20 0 121m 1992 1564 S 0 0.2 1:27.97 appweb3 25148 20 0 3744 3624 2756 S 0 0.4 0:00.13 ntpd 30217 20 0 21340 2444 2020 S 0 0.2 0:00.14 sshd 30228 admin 20 0 21340 1472 1028 S 0 0.1 0:00.02 sshd 30229 admin 20 0 97888 21m 10m S 0 2.3 0:03.79 cli 30537 admin 20 0 2976 668 564 S 0 0.1 0:00.04 less 30539 20 0 3832 1188 1056 S 0 0.1 0:00.06 sh 30541 20 0 1940 536 464 S 0 0.1 0:00.00 sed admin@PA-2050> admin@PA-2050> show running resource-monitor hour Resource monitoring sampling data (per hour): CPU load (%) during last 24 hours: core 0 1 2 3 avg max avg max avg max avg max 0 0 2 3 9 41 8 42 0 0 1 2 3 15 3 14 0 0 1 2 1 13 1 12 0 0 1 2 1 7 1 6 0 0 1 2 1 7 1 6 0 0 1 2 1 7 1 6 0 0 1 2 1 9 1 8 0 0 1 1 1 5 1 5 0 0 1 2 1 7 1 6 0 0 1 2 1 9 1 39 0 0 1 2 1 7 1 7 0 0 1 2 1 9 1 8 0 0 1 2 2 9 1 9 0 0 1 2 2 8 2 9 0 0 1 2 2 10 2 9 0 0 1 2 2 13 2 12 0 0 1 2 2 13 2 12 0 0 1 2 2 10 2 9 0 0 1 2 2 14 2 13 0 0 1 2 2 11 2 10 0 0 1 2 2 8 2 7 0 0 1 2 2 19 2 21 0 0 1 2 2 12 2 10 0 0 1 3 2 11 2 10 Resource utilization (%) during last 24 hours: session (average): 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 session (maximum): 7 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 packet buffer (average): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 packet buffer (maximum): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 packet descriptor (average): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 packet descriptor (maximum): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 packet descriptor (on-chip) (average): 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 packet descriptor (on-chip) (maximum): 1 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 admin@PA-2050> show running resource-monitor day Resource monitoring sampling data (per day): CPU load (%) during last 7 days: core 0 1 2 3 avg max avg max avg max avg max 0 0 1 3 1 24 1 29 0 0 1 4 1 14 1 13 0 0 1 1 0 0 0 0 0 0 2 6 4 40 3 39 0 0 2 4 6 64 6 63 0 0 2 5 6 42 6 42 0 0 2 5 6 42 5 43 Resource utilization (%) during last 7 days: session (average): 1 0 0 1 2 2 2 session (maximum): 2 2 0 7 5 6 5 packet buffer (average): 0 0 0 0 0 0 0 packet buffer (maximum): 0 0 0 0 1 1 1 packet descriptor (average): 0 0 0 0 0 0 0 packet descriptor (maximum): 0 0 0 0 0 0 1 packet descriptor (on-chip) (average): 1 1 1 1 1 1 1 packet descriptor (on-chip) (maximum): 2 2 1 3 5 7 9 admin@PA-2050> show running resource-monitor hour last 1 Resource monitoring sampling data (per hour): CPU load (%) during last 1 hours: core 0 1 2 3 avg max avg max avg max avg max 0 0 2 3 4 24 4 23 Resource utilization (%) during last 1 hours: session (average): 4 session (maximum): 7 packet buffer (average): 0 packet buffer (maximum): 0 packet descriptor (average): 0 packet descriptor (maximum): 0 packet descriptor (on-chip) (average): 1 packet descriptor (on-chip) (maximum): 1 admin@PA-2050> show interface ethernet1/4 -------------------------------------------------------------------------------- Name: ethernet1/4, ID: 19 Link status: Runtime link speed/duplex/state: unknown/unknown/down Configured link speed/duplex/state: auto/auto/auto MAC address: Port MAC address 00:1b:17:66:f8:13 Operation mode: layer3 Untagged sub-interface support: no -------------------------------------------------------------------------------- Name: ethernet1/4, ID: 19 Operation mode: layer3 Virtual router default Interface MTU 1500 Interface IP address: 172.25.1.1/24 Interface management profile: mgt ping: yes telnet: no ssh: yes http: no https: yes snmp: no response-pages: no userid-service: no Service configured: Zone: Inside, virtual system: vsys1 Adjust TCP MSS: no -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Physical port counters read from MAC: -------------------------------------------------------------------------------- rx-broadcast 0 rx-bytes 16862992358 rx-multicast 0 rx-unicast 48240461 tx-broadcast 0 tx-bytes 38797604172 tx-multicast 0 tx-unicast 49387654 -------------------------------------------------------------------------------- Hardware interface counters read from CPU: -------------------------------------------------------------------------------- bytes received 4919165124 bytes transmitted 13144063305 packets received 24701255 packets transmitted 17805722 receive errors 576 packets dropped 0 -------------------------------------------------------------------------------- Logical interface counters read from CPU: -------------------------------------------------------------------------------- bytes received 4919165124 bytes transmitted 13144063305 packets received 24701255 packets transmitted 17805722 receive errors 0 packets dropped 311361 packets dropped by flow state check 283 forwarding errors 0 no route 1259 arp not found 2 neighbor not found 0 neighbor info pending 0 mac not found 0 packets routed to different zone 3 land attacks 0 ping-of-death attacks 0 teardrop attacks 0 ip spoof attacks 0 mac spoof attacks 0 ICMP fragment 0 layer2 encapsulated packets 0 layer2 decapsulated packets 0 -------------------------------------------------------------------------------- Under Hardware interface counters read from CPU: Receive Errors show the count of any receive errors received on the physical (hardware) interface. They are primarily L2-L4 parsing/header errors and although the counter mentions "hardware", they are predominantly logical errors (CRC, framing or other hardware-related errors are NOT counted here). Most common types of events that cause these errors are incorrect length of VLAN tag, unexpected VLAN tag, unsupported L2 protocol, incorrect IP checksum, TCP/UDP packet checksum error, TCP/UDP port 0, Invalid TCP flag, etc. Very often, a constant increase of this counter is caused by STP/LLDP/UDLD frames arriving on a L3 firewall port (these protocols are not supported on L3 ports and are legitimately dropped and counted as "Receive errors"). Under Logical interface counter read from CPU: Receive Errors show only the count of errors seen on an HA2 interface. This counter may increment only if the interface is configured as an HA2 High Availability interface. ' admin@PA-2050> show interface ethernet1/5 -------------------------------------------------------------------------------- Name: ethernet1/5, ID: 20 Link status: Runtime link speed/duplex/state: unknown/unknown/down Configured link speed/duplex/state: auto/auto/auto MAC address: Port MAC address 00:1b:17:66:f8:14 Operation mode: layer3 Untagged sub-interface support: no -------------------------------------------------------------------------------- Name: ethernet1/5, ID: 20 Operation mode: layer3 Virtual router default Interface MTU 1500 Interface IP address: 172.25.0.254/24 Interface management profile: ping ping: yes telnet: no ssh: no http: no https: no snmp: no response-pages: no userid-service: no Service configured: Zone: Outside, virtual system: vsys1 Adjust TCP MSS: no -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Physical port counters read from MAC: -------------------------------------------------------------------------------- rx-broadcast 0 rx-bytes 37738780207 rx-multicast 0 rx-unicast 49811485 tx-broadcast 0 tx-bytes 14389013248 tx-multicast 0 tx-unicast 43750773 -------------------------------------------------------------------------------- Hardware interface counters read from CPU: -------------------------------------------------------------------------------- bytes received 12896879637 bytes transmitted 2602156929 packets received 19207877 packets transmitted 17408162 receive errors 33981 packets dropped 0 -------------------------------------------------------------------------------- Logical interface counters read from CPU: -------------------------------------------------------------------------------- bytes received 12895860957 bytes transmitted 2602156929 packets received 19190899 packets transmitted 17408162 receive errors 0 packets dropped 292011 packets dropped by flow state check 35674 forwarding errors 0 no route 0 arp not found 0 neighbor not found 0 neighbor info pending 0 mac not found 0 packets routed to different zone 3445882 land attacks 0 ping-of-death attacks 0 teardrop attacks 0 ip spoof attacks 0 mac spoof attacks 0 ICMP fragment 0 layer2 encapsulated packets 0 layer2 decapsulated packets 0 -------------------------------------------------------------------------------- admin@PA-2050> show interface ethernet1/6 -------------------------------------------------------------------------------- Name: ethernet1/6, ID: 21 Link status: Runtime link speed/duplex/state: unknown/unknown/down Configured link speed/duplex/state: auto/auto/auto MAC address: Port MAC address 00:1b:17:66:f8:15 Operation mode: layer3 Untagged sub-interface support: yes -------------------------------------------------------------------------------- Name: ethernet1/6, ID: 21 Operation mode: layer3 Virtual router default Interface MTU 1500 Interface IP address: 172.25.2.254/24 Interface management profile: ping ping: yes telnet: no ssh: no http: no https: no snmp: no response-pages: no userid-service: no Service configured: Zone: RPVN, virtual system: vsys1 Adjust TCP MSS: no -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Physical port counters read from MAC: -------------------------------------------------------------------------------- rx-broadcast 0 rx-bytes 2509853694 rx-multicast 0 rx-unicast 5160960 tx-broadcast 0 tx-bytes 3463212219 tx-multicast 0 tx-unicast 5297651 -------------------------------------------------------------------------------- Hardware interface counters read from CPU: -------------------------------------------------------------------------------- bytes received 431624791 bytes transmitted 1869466112 packets received 2590327 packets transmitted 2654882 receive errors 34424 packets dropped 0 -------------------------------------------------------------------------------- Logical interface counters read from CPU: -------------------------------------------------------------------------------- bytes received 430592071 bytes transmitted 1869466112 packets received 2573115 packets transmitted 2654882 receive errors 0 packets dropped 6461 packets dropped by flow state check 0 forwarding errors 0 no route 62 arp not found 0 neighbor not found 0 neighbor info pending 0 mac not found 0 packets routed to different zone 7 land attacks 0 ping-of-death attacks 0 teardrop attacks 0 ip spoof attacks 0 mac spoof attacks 0 ICMP fragment 0 layer2 encapsulated packets 0 layer2 decapsulated packets 0 -------------------------------------------------------------------------------- admin@PA-2050> show system state filter sys.s1.* | match crc admin@PA-2050> show system state filter sys.s1.* | match crc admin@PA-2050> show system state filter sys.s1.* | match crc admin@PA-2050> show system state filter sys.s1.* | match crc

Gururaj · ‎09-23-2013

Hi All,.. how to check when the dataplane has restarted? what is the CLI command for the same? Regards, Gururaj

Gururaj · ‎09-18-2013

Below is the error i am getting,... you mean i need to delete zones and Vwire in this case? Regards, Gururaj

Gururaj · ‎09-18-2013

Thanks panos,. How to edit XML? can you give some example about what you have edited and how you identified that what needs to be edited?. regards, Gururaj

Member Since	‎05-17-2012 09:02 PM
Date Last Visited	‎11-21-2017 08:23 AM
Posts	147
Total Likes Received	12

Online Status	Offline
Date Last Visited	‎11-21-2017 08:23 AM

About Gururaj

How to determine DoS Alert, Activate and Max thresholds (Packets/second) from PaloAlto firewall.

Setting up dual authentication or single authentication based on the user group in global protect

what is the difference between Botnet report and DNS Sinkholing?

Duplicate MAC address in layer two switch when PaloAlto connected to network,..

Block based on file size

Re: control over ssh traffic - command or data

control over ssh traffic - command or data

Re: max session count in a month

max session count in a month

Re: brightcloud active option unavailable

Stopping email alert for Syslog related Logs.

Not able to see the interface IP addresses using SNMP.

Re: how to get the logs or chart for QoS ?

Re: how to get the logs or chart for QoS ?

max session count in a month

Re: max session count in a month

Re: control over ssh traffic - command or data

Re: How to findout the individual total number of HTTP and HTTPS session count.

Re: How to findout the individual total number of HTTP and HTTPS session count.

Re: How to findout the individual total number of HTTP and HTTPS session count.

What is Pre rules and Post rules in Panorama?

Re: Is it possible for PaloAlto to read the client IP address or User name from HTTP header (when using proxy server)?

How SSH decryption works?

Is it possible for PaloAlto to read the client IP address or User name from HTTP header (when using proxy server)?

is it possible to exclude traffic and threat log from exporting to syslog server ?

How to control Botnet ?

Is Traffic Pattern / behavior based detection is possible in PaloAlto as in the Cisco,.

Re: Is it possible to pull the logs back ( From ftp,SCP or Syslog servers)to PaloAlto device for further process?

SNMP MIB's to monitor CPU utilization, Device temerature, Interface status etc,..

Unable to block port scanning even after enabling "zone protection profile".

Is it possible to pull the logs back ( From ftp,SCP or Syslog servers)to PaloAlto device for further process?

Internet browsing is slow through PA 2050 with PAN OS 5.0.4 .

how to check when the dataplane has restarted?

Re: Is configuration file from 2050 device can be imported and loaded to 5050 device?

Re: Is configuration file from 2050 device can be imported and loaded to 5050 device?

Unlock your full community experience!

About Gururaj