This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

About Abdul_Razaq

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Abdul_Razaq
‎01-25-2023
since ‎11-06-2018
L4 Transporter
User Activity
User Profile
User Badges
Community Statistics
Member Since ‎11-06-2018 12:48 AM
Date Last Visited ‎01-25-2023 07:53 AM
Posts 137
Total Likes Received 26

Re: DNS packets in drop stage, but i can see the same packet in transmit stage and DNS server response as well.

by in General Topics
‎05-20-2021 12:38 AM
‎05-20-2021 12:38 AM
Hi @reaper ,   Packet diag is set accounting for the NAT as well. As mentioned, I can see the dropped NATed packet. Strange thing is i can see the same packet in transmit stage to ISP ( compared dns id and source port and destination mac to confirm it is going to ISP). The public DNS is responding to the query successfully and the client is resolving the fqdn.. Just not sure why the packet in the drop stage when it actually indicates the packet went through.   I was able to see some counters like 'DNS packet drops while waiting' not sure if it is related ( as I have capture filter for fw_public ip to dns, it will include other clients requests as well) ... View more

DNS packets in drop stage, but i can see the same packet in transmit stage and DNS server response as well.

by in General Topics
‎05-19-2021 11:27 PM
‎05-19-2021 11:27 PM
Hi Community   I am seeing a strange behavior with DNS traffic. I tried to resolve some FQDns which work fine (those are public fqdns). But when I do the packet capture, I can see the same packets in transmit and drop stage. By comparing the tcp port and dns transaction id, i can see those packets sent only once by end machine and the same in both transmit and drop stage. Even i can see the DNS server is responding with the IP address and from end machine, the fqdn is resolved. I am trying to figure out why the packet in drop stage as it causes confition. Also this is not happening always, this is very random.   I even tried floe capture, in flow capture I cannot see the drop, in fact there is a gap in flow capture at the time of transmitting and drop time(which means i cannot see this transmit and drop in the flow capture). ... View more

Re: External list not populating

by in General Topics
‎05-16-2021 03:48 AM
‎05-16-2021 03:48 AM
Hi @drewdown ,   Make sure you are using this EDL in the policy, else PA will not fetch the EDL. If it present in the policy already , checking the ms.log might help. ... View more

Re: Concurrent Global Protect user

by in General Topics
‎05-16-2021 03:46 AM
‎05-16-2021 03:46 AM
Hi @SamirK ,   Currently, no feature to restrict number of connections from a single user. You can follow the document https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClorCAC and filter with username to see the concurrent connections by a single user. ... View more

Re: cortexuser in Linux Agent

by in Cortex XDR Discussions
‎05-16-2021 03:40 AM
‎05-16-2021 03:40 AM
Hi Community,   Got below informations on the cortexuser, - The user is automatically created with the new agents , earlier PA had a trapsanalyzerd1,trapsanalyzer2 etc. That has been updated with newer agent version to ‘cortexuser’. It is used to run analyserd and lted services on the XDR agent. This user has the rights to perform necessary action required on /opt/traps directory. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎01-25-2023 07:53 AM
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks