This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About DCN
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About DCN
08-18-2015
9Posts
0Likes
0Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by DCN
| Subject | Views | Posted |
|---|---|---|
| 2440 | 10-29-2013 02:49 AM | |
| 2611 | 10-28-2013 07:21 AM | |
| 2732 | 10-25-2013 03:53 AM | |
| 2131 | 09-17-2013 09:53 AM | |
| 2187 | 09-17-2013 09:22 AM | |
| 7625 | 09-17-2013 06:29 AM | |
| 7721 | 09-13-2013 09:32 AM | |
| 2276 | 08-15-2013 04:23 AM | |
| 2337 | 08-15-2013 02:45 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 02-12-2013 08:52 AM |
| Date Last Visited | 08-18-2015 09:07 AM |
| Posts | 9 |
10-29-2013
02:49 AM
Thanks SMF. I didnt knew I can add FQDN as destination. To add that I had to create an object, thats where it gives the option of FQDN, and then added that object as destination. Now I am able to check the updates, however downloading the updates is being denied. I assume the IP of which is not covered under the update URL. Can you help in what subnet /URL should I include to get the download working as well. I have allowed SSL applicaion in the policy. Regards
... View more
10-28-2013
07:21 AM
Thanks for your response slv and VinceM. I am using an outside interface for update in my case. While writing the policy I have the source as my outside interface (public IP) and destination as ANY, and applications as paloalto-updates, ssl and couple of other paloalto applications. My question is do I have keep the destination address in policy as "ANY". I understand the IP for updates changes frequently and the actual updates are hosted at akamai servers, IP of which changes every time as well. Regards,
... View more
10-25-2013
03:53 AM
Hi, I am having an internet facing firewall which needs to be kept updated with the Threat/AV software. I have configured the service route to use the correct interface for updates. However, it still cant check and download the required updates. As its evident I need to have a policy in place to allow the above traffic. I know what source to use, but can some one shed light on the destination address? Should I use "Any" with application as paloalto-updates? Many thanks.
... View more
09-17-2013
09:53 AM
HI Kunal, I prefer all the clients to ping it's default gateway. Correct me if I am wrong but by adding Permitted IP addresses to your Interface Management profile i still have to create multiple profiles which is as good as rules for each VLAN to permit ping . Thanks RT
... View more
09-17-2013
09:22 AM
Hi, I have Palo acting as Layer3 gateway and I would like to always allow clients within the VLAN to Ping their default gateway (i.e. Layer3 Sub-Interfaces on Palo firewall) by default (running in Active/Passive mode). In my case multiple Layer3 Sub-Interfaces are sharing same Zone hence allowing blanket rule to permit ping within Zone may be harmful and I want to limit clients in specific VLAN to only ping it's respective default gateway. I have created Management Profile and attached to Layer3 Sub-Interfaces too. Can this be achieved without having individual rules for each VLAN to permit ping? Appreciate your help. Thanks RT
... View more
- Tags:
- ping
09-13-2013
09:32 AM
Hi, I have seen strange behaviour between two palo alto firewalls. I have pair of PA-3020 and Pair of PA-500 in Active/standby scenario. They serve two different networks but to provide interconnect between two networks they (Eth 1/3) are connected to Cisco Nexus switch via FEX (VLAN 129). Has anyone seen a case where two different models of the firewall connected via same vlan share same mac address? admin@CFWL02(active)> show arp all interface ip address hw address port status ttl -------------------------------------------------------------------------------- ethernet1/3.129 10.224.63.33 00:1b:17:00:01:12 ethernet1/3 c 1487 admin@MFWL02(active)> show arp all interface ip address hw address port status ttl -------------------------------------------------------------------------------- ethernet1/3.129 10.224.63.36 00:1b:17:00:01:12 ethernet1/3 c 1627 L2S01# sh mac address-table vl 129 Legend: * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC age - seconds since last seen,+ - primary entry using vPC Peer-Link VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID ---------+-----------------+--------+---------+------+----+------------------ + 129 001b.1700.0112 dynamic 0 F F Po1000 L2S01# sh mac address-table vl 129 Legend: * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC age - seconds since last seen,+ - primary entry using vPC Peer-Link VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID ---------+-----------------+--------+---------+------+----+------------------ * 129 001b.1700.0112 dynamic 10 F F Eth122/1/47 I will appreciate your help if you advise me. Thanks RT
... View more
08-15-2013
04:23 AM
Thanks Harsha.. The dictionary file was located in Appendix 1 of the document you suggested. And I have completed the SBR config bit by visiting the following url: Dictionary Files
... View more
08-15-2013
02:45 AM
Hi, We are using Steel Belted Radius Enterprise Edition v6.1.6 for authentication on all the network devices. We have few PA3020 and PA500. Now we would like to authenticate these firewalls via the same Steel Belted Radius Server. I am unable to locate Palo Alto as vendor in the SBR admin GUI. I have tried selecting the Standard Radius Option, but that doesnt help. Can you please point me in the correct direction so as to get the necessary dictionary files. Thanks.
... View more
Labels:
- Labels:
-
Troubleshooting
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:07 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks