Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- 5G/IoT
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma Access Insights
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- About ncampagna
About ncampagna
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
10-19-2020
73Posts
23Likes
17Solutions
Oct 19, 2020Last Visited
User
Activity
User
Profile
Latest posts by ncampagna
| Subject | Views | Posted |
|---|---|---|
| 4899 | 07-16-2013 10:48 AM | |
| 862 | 05-28-2013 06:24 AM | |
| 1300 | 03-26-2013 07:23 AM | |
| 1300 | 03-15-2013 08:24 AM | |
| 1300 | 03-11-2013 05:05 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 01-31-2011 09:40 AM | |
| 1 | 08-10-2010 07:53 AM | |
| 1 | 07-16-2013 10:48 AM | |
| 2 | 01-13-2011 03:58 PM | |
| 1 | 01-21-2011 08:29 AM |
User Badges
Public Statistics
| Date Registered | 12-08-2009 11:52 AM |
| Date Last Visited | 10-19-2020 04:25 PM |
| Total Messages Posted | 175 |
| Total Likes Received | 23 |
07-16-2013
10:48 AM
1 Kudo
Hi Alexander, If you have three separate sites, you'll need a separate IKE gateway for each. The IKE gateway specifies the local and remote IP addresses that will be the termination points for each tunnel. In your case, you would configure three IKE gateways, and associate unique tunnel to each one. Thanks, Nick
... View more
05-28-2013
06:24 AM
Hi Cheon, You can find the total number on each platform's specsheet. For example, the PA-5060 can reuse each available source port up to 8 times (this is called DIPP oversubscription on the specsheet). Since the available port range is roughly 1k-64k, it can use 63k source ports, with each creating up to 8 sessions if they're destined to different hosts. Thanks, Nick
... View more
03-26-2013
07:23 AM
Hi Patrick, Sorry for the late response on this. I don't see anything wrong with your configuration. Could you please file a case with support so that we can take a closer look at the issue? Thanks, Nick
... View more
03-15-2013
08:24 AM
Hi Patrick, Could you please list out the types for each zone and the virtual system that contains each? The error message is a bit odd as there is no zone type called zone-protection-profile. It may just be a simple wording error so I'd like to see a bit more on the configuration before jumping to any conclusions. Which version of PAN-OS are you running at the moment? Thanks, Nick
... View more
03-11-2013
05:05 PM
Hi Paul, We can only perform zone protection on the ingress interface. We're unable to do so on an external zone. Have you filed a case by any chance? Although I'm not sure about our options in this specific case, we generally prefer to perform checking at the time of configuration rather than at commit time. Thanks, Nick
... View more
03-11-2013
05:01 PM
Hello craymond, If you set the virtual system on the VR page, or the VR on the VSYS page, those settings will affect each other. My point was just that this is a loose association. You can attach VR1 to VSYS1, and still bind VR1 to VSYS2 on all of the interfaces that reside in VR1. That means that the VR1 to VSYS1 binding essentially had no effect. Hope this helps, Nick
... View more
02-21-2013
04:30 PM
1 Kudo
SCoupland stated it well. The VR assignment to a VSYS (done on the Virtual Systems page) is only used to provide a visual association between the VSYS and VR. The important link between a VSYS and a VR is on the interface configuration. Thanks, Nick
... View more
06-20-2012
10:13 AM
2 Kudos
Hi Johnson, You cannot attach an IPSec tunnel to multiple IKE gateways. You can attach multiple IPSec tunnels to a common IKE gateway. This is commonly done to support >10 proxy IDs on a connection to a single VPN (IKE) peer. Can you please share a bit more information on what you're trying to do? That way we can recommend the correct configuration. Thanks, Nick
... View more
06-13-2012
08:20 AM
At this time we don't offer an HA solution that allows you to oversubscribe your firewalls. The reason is that a failure will be unpredictable if you're trying to push >100% of a firewall's throughput through it. In fact, our general recommendation is to size the pair so that a single firewall can handle ALL of the traffic through the pair just in case there's a failure. Thanks, Nick
... View more
06-11-2012
08:29 AM
HA3 is required for Active/Active deployments. We use HA3 to ensure that a packet can be processed by the session owner regardless of which device receives it. This capability is essential in asymmetric environments where App-ID and Content-ID are enabled. Thanks, Nick
... View more
05-08-2012
12:43 PM
Christopher, Which piece of information did Jason provide that you would like to see in the admin guide? I'd like to see about adding that into the guide. Thanks, Nick Campagna Product Management
... View more
04-19-2012
06:58 AM
Hi Kim, I'm sorry but I cannot make comments related to roadmap content or timing on this forum. I can suggest that you speak to your account team to see if we'll have available spots in our next beta... Thanks, Nick
... View more
02-27-2012
09:16 AM
Hi Jeff, You do have other options aside from moving to a larger box. It's possible to optimize your security rules so that less intensive scanning is required. You could, for example, disable server response inspection if you are protecting a server in your network that is inherently trusted. You may be able to override (and therefore skip inspection of) other types of trusted traffic to free up the resources of your device for higher risk traffic. If such optimizations cannot be made, a bigger box may be your best best. Thank you, Nick Campagna Product Management
... View more
02-22-2012
08:38 AM
Hi Stephen, It's a bit tough to read your configuration in this format. Could you please paste in the CLI output? I think the issue is that you're using 172.31.31.0/24 as an IP address. .0 isn't a legal address so the commit is failing. I'll be able to confirm if you can paste in the IKE gateway configuration and the IPSec tunnel configuration. Thanks, Nick Campagna Product Management
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-19-2020
04:25 PM
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
