This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About MashRotor
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About MashRotor
11-21-2017
7Posts
0Likes
0Solutions
Nov 21, 2017Last Visited
User
Activity
User
Profile
Latest posts by MashRotor
| Subject | Views | Posted |
|---|---|---|
| 897 | 05-08-2013 11:38 AM | |
| 2443 | 04-26-2013 12:21 PM | |
| 2515 | 09-23-2011 01:08 PM | |
| 2514 | 09-23-2011 11:57 AM | |
| 1331 | 09-23-2011 11:28 AM |
User Badges
Community Statistics
| Member Since | 02-11-2011 09:42 AM |
| Date Last Visited | 11-21-2017 04:58 PM |
| Posts | 7 |
05-08-2013
11:38 AM
Anyone with experience with this, please make comments: Will the 5060 will forward traffic with a multicast destination MAC address and unicast IP address? The traffic from the Checkpoints to the Internet VRF should be unicast MAC addresses, but the traffic from the Internet VRF to the Checkpoints will be using a MAC address which is a group/multicast MAC address. This is a requirement of the load sharing cluster on the Checkpoint. The easiest way to put the PAN inline is to do layer-2 between the Checkpoints and the PAN. Basically we’d move the interface on the Internet VRF to a new VLAN and use the PAN to bridge it to the new VLAN. We would certainly like to hear from anyone who has put a PAN upstream of their enterprise Checkpoint cluster and how it worked out. Thanks.
... View more
04-26-2013
12:21 PM
I'm running 5.0.2 on a 5060 and have the same problem. The firewall is wide open to the 5060 and I'm running tcpdump on the webserver, with no sign that the 5060 has even tried to connect to port 80 and retrieve the page. We will be upgrading to 5.0.4, so hopefully this problem goes away with the upgrade.
... View more
09-23-2011
01:08 PM
I think you need to reply to farrel.doherty. I had the same problem with 4.0.3 which was confirmed by an onsite Palo Alto tech at the time. The solution was to plug in the syslog target via the CLI.
... View more
09-23-2011
11:57 AM
It is a bug. Once you've got the profile for the syslog server entered, do this from the CLI: set panorama log-settings system critical send-syslog using-syslog-setting SYSLOG-PROFILE-NAME-GOES-HERE set panorama log-settings system high send-syslog using-syslog-setting SYSLOG-PROFILE-NAME-GOES-HERE set panorama log-settings system medium send-syslog using-syslog-setting SYSLOG-PROFILE-NAME-GOES-HERE set panorama log-settings system low send-syslog using-syslog-setting SYSLOG-PROFILE-NAME-GOES-HERE set panorama log-settings system informational send-syslog using-syslog-setting SYSLOG-PROFILE-NAME-GOES-HERE
... View more
09-23-2011
11:28 AM
Such scripts would be run from a trusted PC used to remotely manage the PA device. A read-write administrator account would be created for their use. It's not a good idea to venture into such things unless you are very comfortable with shell scripting and Perl, and the management PC is very, very secure. I would recommend that if you dabble with automating things, begin with read-only access to pull stats and such before graduating to more complicated and dangerous activities. The Palo Alto PAN-perl-20110828.tar.gz package has examples for use of Perl and Expect. I posted a simple Perl Net::OpenSSH script in this forum. There's also the XML API, see docs DOC-1031.pdf and DOC-1714.pdf to get started. Most automation approaches require a Linux managment PC, although I imagine that a person would be able to use Windows and something like AutoIT or other batch tool. Good luck.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-21-2017
04:58 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks