This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About abhishah03
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About abhishah03
07-27-2021
15Posts
0Likes
0Solutions
Jul 27, 2021Last Visited
User
Activity
User
Profile
Latest posts by abhishah03
| Subject | Views | Posted |
|---|---|---|
| 4143 | 07-20-2021 11:34 AM | |
| 4190 | 07-20-2021 01:32 AM | |
| 4409 | 07-20-2021 12:15 AM | |
| 4422 | 07-20-2021 12:01 AM | |
| 4587 | 07-19-2021 11:32 PM | |
| 1689 | 06-23-2021 01:14 AM | |
| 1891 | 06-19-2021 05:45 AM | |
| 1749 | 05-21-2021 08:26 AM | |
| 3722 | 05-14-2021 12:19 AM | |
| 2748 | 05-14-2021 12:18 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 04-22-2021 11:06 AM |
| Date Last Visited | 07-27-2021 11:17 PM |
| Posts | 15 |
07-20-2021
11:34 AM
Yup , that's already in place. Using Private (untrust) IP in NAT; also both interfaces are added in VR.
... View more
07-20-2021
01:32 AM
I've just sent you email, with all the details. Pls check & suggest. The interesting part is everything works fine with traffic ingress point changed to AWS NLB; rather than utilizing the EIP of untrust NIC.
... View more
07-20-2021
12:15 AM
Nope , I can see the packet only entering PA FW ...
... View more
07-20-2021
12:01 AM
@tostern -- Please find the answer inline - - Did you checked your Security Groups on all interfaces? -- SG is set, properly -- Hence the packets are reaching the PA firewall & logs reflecting the same on (AWS flow logs, PA monitor logs) - Did you reviewed all route tables that the traffic get's forwarded correctly? -- Routes is straight forward --- 2 routes on virtual router -- default - 0.0.0.0/0 -- exit thru untrust -> IGW private subnet - 10.x.x.x/24 -- thru Trust interface -- 10.0.0.1 - Did you already asked AWS TAC if they can see the packets and could they explain to you the reason why the packets didn't receive the client host? -- Reason needs to be explained from PA I believe, the packets are reaching the firewall, but not exiting from there :(.
... View more
07-19-2021
11:32 PM
Hi Guys, I am working on inbound (from the internet) flow on the VM-series untrust interface directly. Set up - VM-series FW - 3 interface -- Mgmt , Untrust , Trust Client -> Internet GW -> EIP -> Firewall untrust interface - eth1/1 - > (SNAT - eth1/2 ; DNAT - Server private IP ) -> Server In the monitor log, I can see the SNAT & DNAT taking place, traffic being allowed by Security rule. But nothing is getting forwarded to the Server ... No packets are received on the server-side. I have checked routes , default - 0.0.0.0/0 -- exit thru untrust -> IGW private subnet - 10.x.x.x/24 -- thru Trust interface Is this not bound to work with directly attaching EIP to untrust interface ?? The same set-up works fine , with an NLB (network load balancer) in front of VM-series fw (untrust interface) Just to note - Already have opened TAC support case , with no luck -- too much of back and forth of info sharing , with zero constructive suggestions 😞 ++ @jmeurer -- Any suggestions??
... View more
- Tags:
- AWS VM-series
- packets
06-23-2021
01:14 AM
@Muttley , @PAvillach --- Thoughts ??
... View more
06-19-2021
05:45 AM
Hi Guys, I am trying to enable the VM-series Cloudwatch monitoring , referring the steps from - https://docs.paloaltonetworks.com/vm-series/10-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/deploy-the-vm-series-firewall-on-aws/enable-cloudwatch-monitoring-on-the-vm-series-firewall.html Within gateway enabled the option , On EC2 allowed the cloudwatch access with IAM role . Still , I cannt find the Metrics "VMseries" , in AWS cloudwatch . ++ @jmeurer -- Am I missing something here .
... View more
- Tags:
- CloudWatch
- vm-series
05-21-2021
08:26 AM
I have an Panorama managing Firewalls (in different region , subscription) -- latched via Public IP. The firewalls are set to forward logs to Panorama. Unfortunately , the Firewalls are forwarding logs to Private IP address (which is failing cause of no connectivity). How can I force log forwarding to use Panorama's public IP address ? I have already added the Public IP in Panorama Under (Setup -> Interface -> Management interface -> Public IP) . Note - Panorama is set in Panorama mode ; with one disk added in collector group . ++ @jmeurer -- Am I missing something here .
... View more
05-14-2021
12:18 AM
I am design an config backup architecture for all the devices managed by Panorama (in AWS Cloud EC2) , dumping the devices configurations to S3 bucket . Is there anything natively present on this VM-series to utilize for this ? ++@jmeurer , @BPry , @Warby -- Any pointers .
... View more
05-13-2021
11:12 PM
Hi @jmeurer -- Is it safe to change the instance type to M5 , for serial console . Fix the issue , then again change it back to m4 ?? Is there any risk in doing this ? As per AWS doc , it shouldn't be problem - "Upgrade Or Resize EBS Backed EC2 Instance If the EC2 instance you want to change has an EBS (Elastic Block Store) root partition, you can simply change or ‘resize’ the instance. The instance type that you want to resize to must be compatible with the current instance type, otherwise you will need to create a new instance and migrate your apps and data to the new instance (see next section for details on how to do this)." Just wanted to be sure.
... View more
05-13-2021
11:51 AM
@jmeurer , @BPry , @Warby -- Any pointers . Need urgent help to restore connectivity to management interface.
... View more
05-13-2021
11:44 AM
Hi All , Workstation(Dynamic Public IP) - > Used to access Panorama mgmt Interface (mgmt interface is allowing only that workstation IP) The management interface of my Panorama is configured to allow only one particular IP . Now since that workstation has got new IP , we cannot connect to the Panorama VM in AWS any more. Is there a possibility to access the Panorama VM (EC2 instance) sing serial console access in AWS ?? How Palo Alto is providing the Out of band management architecture guidelines to deal with these situations in Public Cloud environment ?? Traditionally if any goes wrong to the remote access of the Palo Alto box , we had the previledge to goto Data-center , connect serial cable and resolve . Whats the equivalent of the same in AWS/Azure ?? Note - The Ec2 instance type used here is m4.large. @admin , @jperry1 , @
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-27-2021
11:17 PM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks