This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About ccarter
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About ccarter
09-11-2023
8Posts
1Like
2Solutions
Sep 11, 2023Last Visited
User
Activity
User
Profile
Latest posts by ccarter
| Subject | Views | Posted |
|---|---|---|
| 5573 | 08-27-2020 09:55 PM | |
| 5948 | 08-06-2020 03:30 PM | |
| 2444 | 06-16-2020 05:51 PM | |
| 3812 | 05-06-2020 03:08 PM | |
| 3942 | 04-30-2020 04:20 PM | |
| 120132 | 04-29-2020 10:12 PM | |
| 4416 | 04-13-2020 03:31 PM | |
| 4543 | 04-02-2020 07:10 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 04-13-2020 03:31 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
User Badges
Community Statistics
| Member Since | 03-08-2020 09:28 PM |
| Date Last Visited | 09-11-2023 12:31 AM |
| Posts | 8 |
| Total Likes Received | 1 |
08-27-2020
09:55 PM
Well, that was fun. The cause was discovered at our WAN gateway. Diverting SMTP traffic into a different WAN interface, bang! Emails that were pending for delivery just bulk dumped into everyone's mailbox. Dealing with Telstra is an absolute nightmare so this was the only option. There was no way I was ever going to get a technical resource that has the knowledge to troubleshoot this issue. I was impressed with the methodical way that Palo Alto Support assisted from discovery through to analysis and packet capture, it was a breath of fresh air. For those that may find this interesting, these were the steps that they took to identify the issue was not with the Palo or internal network. Using the app override function to bypass Layer 7 inspection to rule this out was a very good thing to learn during this process. ++ Pattern in both packet captures is same that is when layer7 inspection was going on and when we did app-override, ruling out issues with layer7. ++ I suspect network issue based on following observation: > Merge receive1 and transmit1 packet captures. > Filter packets with "tcp.port==39775 " > In merged pcap, at one point starting from frame number: 5708, issue occurs. This packet is from 67.219.246.155(Symantec)-->xxx.xxx.xxx.xxx (Exchange server public IP). > Next expected sequence number is 2431727156, but this packet never arrives on firewall and such will not reach exchange server. > Exchange server (or any TCP based application will work based on dup ack to tell the client or server that they didn't receive an expected packet) starts sending dup ack for 2431727156 and this goes on until the end of the entire TCP stream but the missing packet is never seen again from the Symantec side as if it is not getting the "dup acks" from Exchange server. > Firewall has these dup acks in its transmit stage which means firewall is sending out towards Symantec side. > No drops seen in drop1 packet capture for this port. Next Action Plan: ============= ++ This now needs to be checked between Symantec and Firewall. A packet capture on intermediate devices can tell where did the missing packet go. Simultaneous packet captures can be done on intermediate device and PA-FW. Next step, get rid of Telstra.
... View more
08-06-2020
03:30 PM
Hi All, I was . Over the past couple of days we have seen a increase in delayed or non delivered emails that contain attachments greater that approx. 3mb that are being rejected or non delivered to the mailbox transport server. It is now a permanent issue and we have identified that the firewall is the cause of the issue but I am unsure how to fix this. Steps to recreate: Emails sent from external domain to internal domain is received by our email security platform and then forwarded to our on-premise mail server. When the email is forwarded our email server then delivers the mail to the recipients mailbox and this is confirmed as successful. Issues: A email with an attachment greater than approx. 3mb is hitting our email security platform and then queued for delivery. When the attempt for delivery is made from the email gateway service, we get the following error repeatedly until the retry attempts expire. - Response 451 4.4.2 [internal] connection closed by remote host. 2020-08-06 05:32:57 PM Response: 451 4.4.2 [internal] connection closed by remote host 2020-08-06 05:33:46 PM Delivery attempt #2 2020-08-06 05:33:46 PM Recipient server: What has been attempted: We have spoken with Microsoft Support and they have advised that once an email reaches the exchange transport service it is immediately passed to the recipient mailbox. Meaning no issues with configuration of transport rules and internal network. It has been identified that these retry attempts of emails that have attachments never reach the exchange server. The rejection error of 451 4.4.2 indicates that there is a network error between the security platform and the on premise exchange server that indicates the firewall as the cause. Tried modifying the security policy by removing the IPS security profile and removing the service and application defaults of SMTP to be any/any with no success. Help Required: Really need some assistance troubleshooting the traffic coming inbound and why it is being rejected by the firewall when the email contains attachment <3mb. Thanks in advance, Chris.
... View more
06-16-2020
05:51 PM
Hi All, Due to a number of system administrators working from home, I have been asked to allow vCenter Server Appliance Web user interface HTTPS port 5480 through the firewall for administration over VPN (Global Protect). Specifically port 5480. vCenter uses standard ports 80 and 443 and successfully navigates to the site. I have been unable to trace the reason why the site cannot be reached and looking for suggestions as the palo is not showing any traffic in the logs (that i can find). Steps I have done: 1. Created a new custom application object tcp\5480. 2. Applied the new custom app to the relevant security rule. Wondering if anyone else has seen this behavior before? Cheers, Chris
... View more
05-06-2020
03:08 PM
I mentioned that it was going to be painfully obvious and it was once someone pointed it out and I was correct.
You have no idea how much I have been trying to find it, I wish I could buy you a beer or something.
... View more
04-30-2020
04:20 PM
Hi All, I am in the process of deploying MineMeld for O365 endpoints and I am completely stuck. Following this article: https://live.paloaltonetworks.com/t5/minemeld-articles/enable-access-to-office-365-with-minemeld-updated/ta-p/224148 I it mentions To save you the hassle we've created a set of configurations you can import. Unzip the attached file MMO365-API_ConfigFiles.zip to get the following collection of configurations." Can anyone point me to where I can download the MMO365-API ConfigFiles.zip or direct me to where I can download the O365-api-any-any.txt file? I know it will be painfully obvious where it is, but I just cannot locate it. Thanks in advance, Chris.
... View more
04-29-2020
10:12 PM
This will be painfully obvious once someone points it out. Where is this file attached and how do I get it?
"Unzip the attached file MMO365-API_ConfigFiles.zip to get the following collection of configurations."
... View more
04-13-2020
03:31 PM
1 Kudo
Many thanks for the answer @reaper. Clear and concise which is a very hard trait to have in the world of firewalls. Many people over complicate answers and this was spot on.
... View more
04-02-2020
07:10 PM
Hi All, Just wondering if anyone can explain why the application objects have thousands of objects, but when attempting to create a policy based forwarding rule for a specific app (in my example, ms-teams), it does not appear in the drop down options in the Application drop down. Can anyone guide me on the best way to setup PBF for ms-teams? Thanks All.
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks