This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

About Jonathan_Panes

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jonathan_Panes
‎10-21-2021
since ‎04-01-2019
L1 Bithead
User Activity
User Profile
My Liked Posts
View All
User Badges
Community Statistics
Member Since ‎04-01-2019 08:44 PM
Date Last Visited ‎10-21-2021 05:58 AM
Posts 9
Total Likes Received 1

Re: Guide for mp-log and dp-log troubleshooting

by in General Topics
‎07-21-2021 05:59 AM
1 Kudo
‎07-21-2021 05:59 AM
1 Kudo
Thanks for sharing these links, these are helpful though not exactly what i was looking for. ... View more

Guide for mp-log and dp-log troubleshooting

by in General Topics
‎07-17-2021 11:10 PM
‎07-17-2021 11:10 PM
Hi All,   Is there a comprehensive guide for knowing which logs to look at in the mp-log and dp-log eg. what log files to look when troubleshooting a particular issue on.   For example if im troubleshooting some OSPF issue, i can look at the mp-log routed.log or for lacp it would be the l2ctrld.log.          ... View more

Re: Failover Behaviors

by in General Topics
‎12-04-2019 07:34 PM
‎12-04-2019 07:34 PM
Hi,   The active firewall went into non-functional state, so the passive firewall took over as active. xxxx@xxxxxx-fw(passive)> show high-availability state Group 1: Mode: Active-Passive Local Information: Version: 1 Mode: Active-Passive State: passive (last 17 hours) Last non-functional state reason: Dataplane down: path monitor failure.   Some related logs on the ha_agent.log: 2019-12-04 09:41:04.464 +0000 debug: ha_slot_sysd_dp_down_notify_cb(src/ha_slot.c:641): Got initial dataplane down (slot 1; reason path monitor failure) 2019-12-04 09:41:04.464 +0000 The dataplane is going down 2019-12-04 09:41:04.464 +0000 Warning: ha_event_log(src/ha_event.c:47): HA Group 1: Dataplane is down: path monitor failure 2019-12-04 09:41:04.464 +0000 Going to non-functional for reason Dataplane down: path monitor failure 2019-12-04 09:41:04.464 +0000 debug: ha_state_transition(src/ha_state.c:1329): Group 1: transition to state Non-Functional 2019-12-04 09:41:04.464 +0000 debug: ha_state_start_monitor_holdup(src/ha_state.c:2518): Skipping monitor holdup for group 1 2019-12-04 09:41:04.464 +0000 debug: ha_state_monitor_holdup_callback(src/ha_state.c:2611): Going to Non-Functional state state 2019-12-04 09:41:04.464 +0000 debug: ha_state_move(src/ha_state.c:1423): Group 1: moving from state Active to Non-Functional 2019-12-04 09:41:04.464 +0000 Warning: ha_event_log(src/ha_event.c:47): HA Group 1: Moved from state Active to state Non-Functional 2019-12-04 09:41:04.464 +0000 debug: ha_sysd_dev_state_update(src/ha_sysd.c:1434): Set dev state to Non-Functional 2019-12-04 09:41:04.464 +0000 debug: ha_sysd_dev_alarm_update(src/ha_sysd.c:1400): Set dev alarm to on     ... View more

Failover Behaviors

by in General Topics
‎12-04-2019 03:40 AM
‎12-04-2019 03:40 AM
Hi All,   Setup: Active-Passive Path Monitoring: enabled, but not configured(nothing under that Path group) Version: 7.1.14     Would an Active firewall change its state to non-functional if both of its HA2/HA-Backup goes down?   Related Logs: 2019/12/04 09:41:04 critical ha ha2-lin 0 All HA2 links down 2019/12/04 09:41:04 high ha session 0 HA Group 1: Ignoring session synchronization due to HA2-unavailable 2019/12/04 09:41:04 high ha ha2-lin 0 HA2-Backup link down 2019/12/04 09:41:04 critical general general 0 Chassis Master Alarm: HA-event 2019/12/04 09:41:04 critical ha ha2-lin 0 HA2 link down 2019/12/04 09:41:04 critical ha state-c 0 HA Group 1: Moved from state Active to state Non-Functional 2019/12/04 09:41:04 critical ha datapla 0 HA Group 1: Dataplane is down: path monitor failure 2019/12/04 09:41:04 high general general 0 9: path_monitor HB failures seen, triggering HA DP down   Also is there an HA Failover table that I could refer so I can reference what is Palo Altos behavior when lets say HA1 fails or HA2 fails etc..   Thanks, John   ... View more

App-ID - ms-rdp not allowed, traffic being blocked as cotp

by in General Topics
‎08-23-2019 07:11 AM
‎08-23-2019 07:11 AM
Hi All,   Were running 7.1.14.  Ive created a rule to allowed ms-rdp to the rule. Ive checked first if ms-rdp has any dependencies, there is none. It implicitly uses cotp and t.120.   So from what i understand from the meaning of Implicitly uses, i only need to allow the main application which is ms-rdp and in turn it will allow implicitly cotp and t1.20. When we did our RDP testing the traffic got blocked with a policy-deny with an application of cotp. Ive added cotp to the rule and the connection worked on upon logging at session end its seeing it as ms-rdp.   So im not sure whether my understanding of the "Implicitly uses" is wrong or is there something else im missing out here. ... View more

Re: Application Override Question

by in General Topics
‎06-17-2019 08:51 PM
‎06-17-2019 08:51 PM
I tried to lab this up.   I created a custom app with for tcp/80 with the parent application as web-browsing. Enable scanning for file types, viruses, data patterns. Then added that application to an application override policy. I tried to download the eicar test file for http. The download proceeded.   When i changed the application override to use the application web-browsing. The file got blocked. I may need clarification on this line:  Because the parent application is web-browsing, the custom application is inspected at Layer-7 and scanned for content and vulnerabilities.   ... View more

Re: Application Override Question

by in General Topics
‎06-17-2019 07:31 PM
‎06-17-2019 07:31 PM
Thanks Luke. ... View more

Re: Application Override Question

by in General Topics
‎06-17-2019 07:31 PM
‎06-17-2019 07:31 PM
Thanks for the reply.   So just to confirm, threat content scanning will still be enabled for app-override policies using:   1. pre-built applicaition 2. custom application with a pre-built parent app   ?? ... View more

Application Override Question

by in General Topics
‎06-16-2019 09:02 PM
‎06-16-2019 09:02 PM
Hi All,   I got this question from the learning center for the PCNSE practice exam. Dont know if its allowed to post the screenshot here.     From my understanding of using the application override, the firewall stops any further content inspection. It was also stated on the admin guide: If you define an application override, the firewall stops processing at Layer-4. The custom application name is assigned to the session to help identify it in the logs, and the traffic is not scanned for threats.   Does using a built-in application on an app-override policy allows the firewall to perform content and threat protection?   Thanks and regards, Jon           ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎10-21-2021 05:58 AM
Likes Given To
View All
Likes From
View All
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks