This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About rchung54

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
rchung54
‎10-07-2020
since ‎05-21-2018
L2 Linker
User Activity
User Profile
Latest posts by rchung54
View All
User Badges
Community Statistics
Member Since ‎05-21-2018 05:33 AM
Date Last Visited ‎10-07-2020 07:23 AM
Posts 31
Total Likes Received 3

Re: VPN site-2-site configuration and OSPF

by in General Topics
‎02-08-2019 02:22 AM
‎02-08-2019 02:22 AM
@OtakarKlier   Thank you for your reply. I can't ping between the two Palo's on IPs 192.168.210.26 and 192.168.210.120, which are assigned to their e1/1 interfaces. I have set up statics routes anda security policy as follows on both Palo's as suggested.     VM-PA-01 config.       VM-PA-02 config.       Any further advice is appreciated. ... View more

VPN site-2-site configuration and OSPF

by in General Topics
‎02-07-2019 07:04 AM
‎02-07-2019 07:04 AM
Hello forum members,   I have been testing the VPN site-2-site configurations on my Palo Alto VM lab, prior to deploying on our production environment. I have successfully set up a VPN connection where both firewalls use static routing. Trouble I'm having now is setting up the VPN connection where the 3rd party site uses static routing and my corp LAN uses OSPF.   I can't get the tunnel up between the two sites. I followed the Site-2-Site VPN with Static and Dynamic Routing example in the PAN-OS Admin guide, but some of the steps seem vague (vague to me any way). My R1 router has formed an OSPF neighbour relation ship with the Palo Alto VM-PA-01 fine and the PC host 172.19.9.10 can ping the E1/2 interface (10.216.7.1) of the Palo Alto fine.   The following is my lab topology and screen shots of the configs.     VM-PA-01 config.                 *** I also tried this IKE Gateway config with the FQDNs, as in the PAN-OS guide ***     VM-PA-02 config.           *** I also tried this IKE Gateway config with the FQDNs, as in the PAN-OS guide ***       Any suggestions and advice will be much appreciated.     ... View more

Re: Security policy rule - allowing a specific host access to ftp.sophos.com

by in General Topics
‎12-20-2018 06:40 AM
‎12-20-2018 06:40 AM
Hi Rikkert_Kooy,   Yes, i saw the three error messages at the same time on the Filezilla client.   The Session End Reason is 'tcp-rst-from-server'.      What does it mean where it says 'incomplete' under Application please?   Thanks. ... View more

Re: Security policy rule - allowing a specific host access to ftp.sophos.com

by in General Topics
‎12-20-2018 04:17 AM
‎12-20-2018 04:17 AM
Hi DPoppleton,   I set the Transfer Settings to Active in the FTP client (I guess this what you meant), but still not working. I did what Rikkert_Kooy suggested too and still no joy. Is it because the Palo is not configured with SSL decrypt/encrypt?   Thanks. ... View more

Re: Security policy rule - allowing a specific host access to ftp.sophos.com

by in General Topics
‎12-20-2018 04:03 AM
‎12-20-2018 04:03 AM
Hi Rikkert_Kooy,   Thank you for your reply. My mistake, it is explicit FTP over SSL, not SFTP.   I have added ftp to the Application and already had TCP port 990 under the Service. I also added SSL and the port range 50000-51000, but it is still not working. The Palo is not configured for SSL decrypt/encrypt. Could this be why it is still not working?     Unified logs - it says incomplete in Application. What does this mean please?     Error message on the Filezilla client     Thanks.         ... View more

Re: Security policy rule - allowing a specific host access to ftp.sophos.com

by in General Topics
‎12-11-2018 03:57 AM
‎12-11-2018 03:57 AM
Hi DPoppleton,   Still not working.   I get this from the log in the Filezila FTP client.    Filezila client configured as so for FTP over SSL/TLS   Logs from Unified today. Any further advice will be appreciated. ... View more

Re: Security policy rule - allowing a specific host access to ftp.sophos.com

by in General Topics
‎12-05-2018 03:12 AM
‎12-05-2018 03:12 AM
@DPoppleton, forgot to mention that the Filezilla client was configured for SFTP and was tested on a ADSL line and the user was able to connect fine.   Thanks,   Roberto ... View more

Re: Security policy rule - allowing a specific host access to ftp.sophos.com

by in General Topics
‎12-05-2018 03:08 AM
‎12-05-2018 03:08 AM
Hi DPoppleton,   Thanks for your reply again. I have now added SSH under Application within my rule.     I will have the user test.   Many thanks,   Roberto  ... View more

Re: Security policy rule - allowing a specific host access to ftp.sophos.com

by in General Topics
‎12-04-2018 06:49 AM
‎12-04-2018 06:49 AM
Hi DPoppleton,   I don't see any 'deny' in the Actions when the user is trying to access 195.171.192.29       ... View more

Re: Security policy rule - allowing a specific host access to ftp.sophos.com

by in General Topics
‎12-04-2018 05:56 AM
‎12-04-2018 05:56 AM
Hello Hodor,   Thanks for your reply. The file blocking profile looks good.   ... View more

Security policy rule - allowing a specific host access to ftp.sophos.com

by in General Topics
‎12-04-2018 03:12 AM
‎12-04-2018 03:12 AM
Hello,   A colleague needs to access ftp.sophos.com (195.171.192.29) using Filezilla as their SFTP client, via TCP port 990. I set up the security policy rule as follows:         They could not log onto the ftp.sophos.com site. The password credentials they used are correct. Is the rule set up correctly? On a Cisco ASA I would have used the following ACL:   access-list aclinside extended permit tcp any host 195.171.192.29 eq 990   Any advice is much appreciated.   Regards,   Roberto       ... View more

Re: How to generate traffic reports for a specifi interface

by in General Topics
‎11-26-2018 01:20 AM
1 Kudo
‎11-26-2018 01:20 AM
1 Kudo
Hi Raido,   Thank you again for your advice.   Regards,   Roberto ... View more

Re: How to generate traffic reports for a specifi interface

by in General Topics
‎11-21-2018 02:08 AM
‎11-21-2018 02:08 AM
Hello Raido,   Thank you for your reply.   I created a test report with the following settings, to see how much traffic was going out a particular interface (Ethernet1/10 is the interface I am interested in).    I get the following result when I do 'run now'.   Am I right that it gives me the total in bytes going out the interface? What does the 'G' mean when I look at 804.5G under bytes? It would be good if the report could tell the average bandwidth going out interface Ethernet 1/10 per day in a calender month.   Any further advice you could give is much appreciated.   Many thanks in advance.   Roberto  ... View more

How to generate traffic reports for a specifi interface

by in General Topics
‎11-20-2018 04:16 AM
‎11-20-2018 04:16 AM
Hello Palo experts,   I want to create a report which tells me what bandwidth has been used on an outside interface, for say the past month. Something that can display the average bandwidth being used during a day would be good. I see on my PA-3050 that under Network>QoS, that live bandwidth stats can be displayed, but can't see where I can export monthly bandwidth stats.   Any advice or tips will be much appreciated.   Best regards,   Roberto ... View more

Re: Upgrading from PANOS 8.1.3 to 8.1.4h2

by in General Topics
‎11-12-2018 02:58 AM
‎11-12-2018 02:58 AM
Hi Venkatesan_radhakrishnan,   Thank you for your prompt reply and clarifying that.   Best regards,   Roberto ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎10-07-2020 07:23 AM
Latest Tags
No tags yet
Likes Given To
Likes From
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks