This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About PerryK

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
PerryK
‎11-09-2023
since ‎02-24-2018
L2 Linker
User Activity
User Profile
Latest posts by PerryK
View All
User Badges
Community Statistics
Member Since ‎02-24-2018 07:56 AM
Date Last Visited ‎11-09-2023 08:07 PM
Posts 17

GlobalProtect linux surive reboot

by in General Topics
‎12-18-2019 09:25 AM
‎12-18-2019 09:25 AM
I'm trying to get the linux client to always connect. Manually running a shell script to check if globalprotect is running and then connecting again works. But if I run this same script with @reboot from crontab -e it never connects, until I actually log in to the console.  Has anyone managed to do this with the official GP client.    ... View more

Re: where do I check logs when merge never completes

by in Expedition Discussions
‎09-27-2018 09:55 AM
‎09-27-2018 09:55 AM
Yea, I should have notice that section. Thanks. ... View more

Re: where do I check logs when merge never completes

by in Expedition Discussions
‎09-26-2018 01:12 PM
‎09-26-2018 01:12 PM
OK, what service is being restarted? And how? i.e. is this a CLI restart? Also, it seems a bit of a bandaid to restart when it hangs. I'd like to find the root cause of this behaviour if possible. ... View more

where do I check logs when merge never completes

by in Expedition Discussions
‎09-26-2018 12:46 PM
‎09-26-2018 12:46 PM
I've got a pretty straight forward ASA to Palo migration. I followed the guide step by step. Unused objects and invalid stuff has been removed. When I click on the merge button it stays in the pending state forever. (No error message or any other feedback FWIW)   So what logs can I check in the CLI to see where the merge gets stuck.  ... View more

security zones and vsys limits

by in General Topics
‎08-27-2018 05:14 PM
‎08-27-2018 05:14 PM
I haven't been able to find a definitive answer.    Is the limit of security zones per firewall global or is it per vsys.  ... View more

Re: Active/Active HA tentative state question

by in General Topics
‎05-15-2018 05:44 AM
‎05-15-2018 05:44 AM
OK, since the packet is processed by the active peer, where should the packet be seen in the traffic log. On the active one or the tentative one?  ... View more

Active/Active HA tentative state question

by in General Topics
‎05-14-2018 08:08 AM
‎05-14-2018 08:08 AM
Let's say we have 2 firewalls in A/A HA each firewall has 2 vWire (single interfaces, no aggregration) eth1/eth2 = vWire 1 and eth3/eth4=vWire2 link monitoring is set such that if any of eth1/eth2 interfaces are down or any of eth3/eth4 are down the firewall will go into tentative state. Say I unplug eth1/eth2 on FW1. FW1 goes into tentative state. Now, no traffic should flow on vWire2 (eth3/eth4) of FW1.  Can ayone confirm this?  ... View more

Re: 5250 HA1 over SFP question

by in General Topics
‎05-02-2018 06:51 PM
‎05-02-2018 06:51 PM
That's what I figured and the client is OK with using the AUX ports that way. It's just that the documentation isn't definitive.  ... View more

Re: Troubleshooting classic ELB

by in VM-Series in the Public Cloud
‎05-02-2018 02:53 PM
‎05-02-2018 02:53 PM
Thanks. As it turns out everything was properly configured yet the firewalls would not bootstrap properly.  After TAC support attached an EIP to the public interface and got the log in page it appears that the mgt switch command in the init-cfg.txt didn't work. After deleting the init-cfg.txt (which had  the proper text in it) with a fresh copy directly from the github page the firewalls came up as expected. So a 37 byte file somehow got corrupted.   ... View more

5250 HA1 over SFP question

by in General Topics
‎05-02-2018 02:49 PM
‎05-02-2018 02:49 PM
I have a customer who is implementing a pair of 5250 in active/passive. The firewalls are in separate DCs that are connected with fibre. It seems HA2 over the SFP ports is OK but HA1 seems to only work over the 2 AUX ports not any of the data ports.  The docs say use these ports for SFP+ but it doesn't say NOT to use other SFP ports for HA1. Thoughts? From the manual ... View more

Re: Troubleshooting classic ELB

by in VM-Series in the Public Cloud
‎04-26-2018 06:58 PM
‎04-26-2018 06:58 PM
Thanks. Both public and internal load balancers are classic. Where exactly in the GUI are you referring to in the console when you say "console log snap shots" ?  We have been creating/deleting stacks while testing so no problem checking right after firewalls come up. The difference between the customer's template and the classic example seems minor. Hopefully the TAC engineers will know where to look. ... View more

Troubleshooting classic ELB

by in VM-Series in the Public Cloud
‎04-26-2018 03:59 PM
‎04-26-2018 03:59 PM
I have a support call scheduled for tomorrow but if anyone has any ideas about this that would be greatly appreciated.   I deployed the classic ELB template example successfully. My customer then took the firewall.template and integrated it into their stack making it a nested stack feeding it all the parameters required.  The firewalls come up in all 3 AZs, they have EIPs attached to each firewall. Yet the firewalls never come out of 'out of service' status. We can't connect to the EIP even though they're associated to the firewalls' management interfaces.  According to the docs: if bootstrapping fails, the VM-Series firewall for load balancing traffic will be out-of-service.  How do I check the bootstrapping process? Cloudwatch logs for the lambdas?  ... View more

AWS stack name length limitation

by in VM-Series in the Public Cloud
‎04-25-2018 10:50 AM
‎04-25-2018 10:50 AM
Cross posting from the github repo.  Is there a reason why stack names longer than 10 are not supported? What are the constraints that limit this number?    I have a customer who has stack names that are > 10  ... View more

Re: vpc-classic-v1.2.1.template issues

by in VM-Series in the Public Cloud
‎04-22-2018 02:06 PM
‎04-22-2018 02:06 PM
OK, Upon further investigation I didn't choose all the default values. The firewalls weren't being created because their instance type isn't supported by AWS Market place. The template lists 2 instance types as allowed parameters that shouldn't be there and also is missing 2 instance types that should be allowed.   Instance types that should be removed as not supported. c3,xlarge and c4.xlarge Instance types that should be added. c3.8xlarge and c4.8xlarge   ... View more

Re: vpc-classic-v1.2.1.template issues

by in VM-Series in the Public Cloud
‎04-22-2018 08:58 AM
‎04-22-2018 08:58 AM
Apparently the error is not related. I deleted the stack and re-created it exactly the same way and this time it create the firewalls. Go figure.  ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎11-09-2023 08:07 PM
Latest Tags
Likes Given To
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks