This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Chris-UNN
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Chris-UNN
03-02-2020
3Posts
0Likes
1Solution
Mar 02, 2020Last Visited
User
Activity
User
Profile
Latest posts by Chris-UNN
| Subject | Views | Posted |
|---|---|---|
| 2956 | 03-02-2020 06:42 AM | |
| 3036 | 02-28-2020 07:43 AM | |
| 3068 | 02-28-2020 05:34 AM |
User Badges
Community Statistics
| Member Since | 02-28-2020 04:41 AM |
| Date Last Visited | 03-02-2020 10:06 AM |
| Posts | 3 |
03-02-2020
06:42 AM
Hi Batd2, My colleague (who does exist, really) can't now remember exactly how he had configured the box as he was using the web gui. But, I'd say your suggestion that the firewall sent out ARPs to claim every ip in the subnet sounds like the most likely cause so I'll accept this as the solution. Thanks very much for your help and the speedy response. Best Regards, Chris.
... View more
02-28-2020
07:43 AM
Hi Batd2, Thanks for the reply. I know my colleague had overload NAT configured, translation set to dynamic ip and port, address type set to interface address, interface set to outside ethernet (1/8) ip address set to 192.168.X.146/24 --------- looks like this was the culprit... But there was no PC at that time connected to the inside. So it seems that the firewall understandably took 192.168.X.146/24 as a pool to use, but I still don't see why it sent out packets using every ip sequentially in that range when there was nothing on the inside trying to connect outwards. Thanks again, Chris.
... View more
02-28-2020
05:34 AM
Hi, My colleague and myself are complete Palo newbies so apologies as this is probably covered elsewhere but I don't know what to search for as I've never seen a firewall do this. We bought a PA-220 for evaluation intending to possibly move away from Cisco. My colleague configured it in a basic way and the box has completely disrupted the test subnet: The outside interface was configured with an ip address in a subnet, let's call it X, i.e. firewall ip = 192.168.X.146 subnet mask = 255.255.255.0 static route with next hop = 192.168.X.254 The PA-220 then sent out packets repeatedly spoofing every possible ip in the range, i.e. 192.168.X.1 to 192.168.X.254 so that everything else in that subnet became intermittently unavailable and of course when the PA-220 reached the router IP, .254 everything was affected - so we had an arp table on the router that looked like this: Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.X.7 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.6 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.5 45 a08c.fdea.724b ARPA VlanX Internet 192.168.X.4 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.3 2 40a8.f05f.a190 ARPA VlanX Internet 192.168.X.2 10 f439.090a.9513 ARPA VlanX Internet 192.168.X.1 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.15 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.14 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.13 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.12 10 f439.090a.940b ARPA VlanX Internet 192.168.X.11 39 8cdc.d43a.7f9e ARPA VlanX Internet 192.168.X.10 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.9 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.8 2 40a8.f045.e603 ARPA VlanX Internet 192.168.X.23 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.22 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.21 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.20 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.19 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.18 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.17 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.16 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.31 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.30 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.29 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.28 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.27 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.26 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.25 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.24 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.39 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.38 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.37 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.36 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.35 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.34 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.33 81 34e5.ecb5.0b17 ARPA VlanX Internet 192.168.X.32 81 34e5.ecb5.0b17 ARPA VlanX The mac address of the PA-220 is 34e5.ecb5.0b17. Just wondering if anyone could point us in the right direction regarding why our box did this. Thanks, Chris.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-02-2020
10:06 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks