About UKRB

UKRB · ‎08-27-2013

Has anyone got anywhere with PAN support with this? I've slightly given up hope which is not great really!

UKRB · ‎11-19-2012

Hi siebi. I'm pleased to hear that I'm not the only one who is having this issue. It's really quite frustrating. I did log it with support a while back but didn't make much progress. Have you logged it at all yourself? Thanks

UKRB · ‎11-16-2012

Hi all, I'm seeing some odd behaviour with apps that use SQL where the app is on a terminal server. The terminal server has an app installed and works perfectly when the PAN TS agent is not running. When the agent is started, the application throws up lots of connection errors. This happens with multiple terminal servers, multiple app and multiple SQL servers. Has anyone else seen behaviour like this at all? Thanks, UKRB

UKRB · ‎10-31-2012

Yes, Bob, your ISP is correct is the short answer. What I would do as a starting point is to look at the IP addresses and subnet mask they have given you. Work out the size of the subnet they have allocated you and all the possible IPs in that block. Discount the network and broadcast addresses, then make a note of the IP in the block you're using for your main firewall interface and then the IP they have give you as a gateway. Whatever IPs left should be free for you to use, assuming they've not used any more and not told you. You can then create policy objects with IPs from the range and then create NAT rules to forward the traffic into your network. Once the NAT rule is in place, the firewall will automatically respond to traffic destined for that IP. No extra configuration is required at the interface level. Your NAT rule would be something like: Soure Zone: Internet Dest Zone: Internet Source Address: Any Dest Address: [policy object with ext ip you want to use] Service: Any Source Trans: None Dest Tran: [policy object of internal device using internal IP] The source and destination zone both being Internet / Untrust is the bit that can trip people up. It's because from the point of view of the external user they are making contact with you an external, public IP and technically they don't know it's destination is internal or going to get NAT'd. Hope that all makes sense! UKRB.

UKRB · ‎10-31-2012

In my experience it is often the switches that cause the delay and not the PA devices. I have a 2020 HA pair running with pretty speedy failover, though it can always be better! If you look at the units when you try a failover you should see all the activity lights on the ports go off on one unit and light up on the other unit. When these light up, the PA unit will be ready to start passing data, so your switch needs to get going too! You said you were testing this by unplugging a data interface - what sort of experience do you get when you do a controlled failover? Device / HA / Operational Commands / Suspend local device Also, are you using striaght through or crossover cables between the units?

Member Since	‎08-08-2011 12:19 PM
Date Last Visited	‎04-01-2019 06:14 PM
Posts	36
Total Likes Received	12

Online Status	Offline
Date Last Visited	‎04-01-2019 06:14 PM

About UKRB

Re: SQL and Terminal Services agent

Re: SQL and Terminal Services agent

SQL and Terminal Services agent

Re: Multiple IPs on public facing interface

Re: HA Down Time

Re: Reports - Best way to see top URLs visited?

Re: Multiple IPs on public facing interface

Re: Server Profiles - Email alerts

Re: HA Down Time

Re: New PA Purchase - Rules question and any tips?

Re: SQL and Terminal Services agent

Re: SQL and Terminal Services agent

SQL and Terminal Services agent

Re: Multiple IPs on public facing interface

Re: HA Down Time