About stevenjwilliams83

Hi @stevenjwilliams83 ,   Did the metrics stuff that @OtakarKlier advised work for you? My issue is slightly different but more like yours. Even after increasing the ospf priority of the ae interface on the Palo Alto (PA) firewall facing 2 L3 switches, the PA firewall still didn't win the DR election, and its priority is higher than that of the interfaces on connecting switches facing it.      ... View more

Hi @MP18, I'm trying to understand the best option when putting 2 x PA NGFW's in Active/Passive, each with Vwire's between a Check Point 2-Node Active/Passive Cluster and 2 x L3 Switches.  My specific concern was how the Active PA NGFW would follow the Active Check Point Cluster Node in a fail-over event.  My concern quickly switched however when VSLS was enabled to make the Check Point Cluster Active/Active.  Now I am trying to understand the implications of PA Active/Active Vwire's in a failure scenario. My backup plan is no HA with TCP syn check disabled and to be honest will most likely be the chosen option as we're in emergency response mode for this work. Thanks Ben ... View more

expedition@Expedition:~/BUILD# sudo service rsyslog stop   Afterwards, modify the config file so it would stop listening the ports. In this case, if Expedition tries to restart the service, it won't capture the data.   But, best and in addition, you should stop the log forwarding profile in the firewalls. ... View more

Yes, you will have to rename the file each time. I guess that you are already scripting the export task to be done every 15 minutes (as the firewall only allows a daily export). In your script, try to rename any existing file in Expedition with today's name prior to download the next 15 minutes of logs. ... View more

Explained here: https://live.paloaltonetworks.com/t5/Expedition-Discussions/How-to-expand-storage-by-adding-a-second-drive-to-Expedition/td-p/252327 ... View more

No need to write commands.   You can do it from the Dashboard, or, if you are within a project, you have the option "Restart Task Manager" within the top right menu (menu located under the projects name) ... View more

Explained here https://live.paloaltonetworks.com/t5/Expedition-Discussions/Real-time-update-tab-in-Devices/td-p/247136 ... View more

The recommendation is to add and mount a second disk to expand the traffic log storage.    ... View more

@stevenjwilliams83 , So this depends a little bit on your configuration on your switch. By default, the switch actually won't tag the native vlan at all, and a trunk port with a set native VLAN will assign all untagged frames to that VLAN. However, with the command 'vlan dot1q tag native' you can essentially override that behavior so that even the native vlan will tag the frames on the trunk port.    The PA has no understanding a "native vlan" because outside of Cisco that doesn't really mean anything. The traffic either has tagged frames or it doesn't. Unless you have the configuration statement 'vlan dot1q tag native' in your configuration, the native VLAN on your trunk port is simply untagged traffic.  ... View more

@stevenjwilliams83 wrote: I am not trying to do anything, I am just trying to understand it. So if my gateways exist on another device other than the PAN, why not run it in vwire between the switch and layer 3 device? Many ways to skin a cat, but trying to see what way others skin it.   I think in a good majority of use cases the gateway is the firewall, in the cases where it's not then you're right vwire would also be an appropriate solution.   I've only ever deployed vwire once, in a limited deployment, but it's my understanding there are some things you can't do in vwire.  So if you're looking to implement a vwire deployment I would be sure all features you need/want are supported.  (I think response pages via vwire for non-decrypted traffic isn't possible.) ... View more