This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About kbrazil
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About kbrazil
08-18-2015
217Posts
82Likes
35Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by kbrazil
| Subject | Views | Posted |
|---|---|---|
| 2103 | 05-10-2013 11:03 PM | |
| 3633 | 05-10-2013 10:59 PM | |
| 3141 | 04-05-2013 09:10 AM | |
| 2867 | 03-09-2013 02:10 AM | |
| 1508 | 03-04-2013 06:22 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 03-30-2010 08:29 AM | |
| 1 Like | 12-02-2012 11:32 PM | |
| 1 Like | 02-26-2013 06:17 PM | |
| 1 Like | 06-25-2010 12:11 PM | |
| 1 Like | 03-07-2011 09:59 AM |
User Badges
Community Statistics
| Member Since | 04-08-2009 04:41 AM |
| Date Last Visited | 08-18-2015 09:06 AM |
| Posts | 217 |
| Total Likes Received | 82 |
05-10-2013
11:03 PM
Regarding running DHCP server on an L3 interface vs. L2 interface, you might not need to completely change all L2 interfaces to L3. You could instead just add one L3 interface (if you have any extra), configure DHCP server on it, and physically plug it in to your existing L2 network without affecting the current L2 config. You may even be able to do this with an L3 VLAN logical interface connected to the L2 VLAN forwarding object depending on your configuration. Cheers, Kelly
... View more
05-10-2013
10:59 PM
Yes, multiple interfaces in a Zone are completely fine and will solve the multiple session issue you are seeing. Many customers do this today, even in Vwire mode. Cheers, Kelly
... View more
04-05-2013
09:10 AM
Nice work - looks great. I hadn't thought to use conditional advertisements in this way before. Great use-case! Cheers, Kelly
... View more
03-09-2013
02:10 AM
1 Kudo
Hi Mikand, Leaving the link aggregation to the end-points is recommended when configuring vwire on the firewall. It is possible to use aggregate interfaces on the firewall on vwire, but as far as I know there is no benefit to doing this and it is not considered best practice. Cheers, Kelly
... View more
03-04-2013
06:22 PM
1 Kudo
You may want to enable WildFire by configuring a forward action on a File-Blocking profile. Wildfire runs the executable in a sandbox environment and checks its behavior to see if it is malicious. If so, signatures are automatically generated within an hour with the subscription service. This also feeds into the PAN-DB URL filtering database malware category, so you may also want to block those types of web sites, too. Also, a Continue action on executable (PE or "portable executable") file downloads can help so the user has to specifically click "Continue" to download the file. This is called drive-by-download protection. You can customize the response page to show a warning for these types of files to discourage users from clicking continue. Both options can be combined, as well. Cheers, Kelly
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:06 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks