This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About PaulBarrington
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About PaulBarrington
02-23-2022
2Posts
0Likes
0Solutions
Feb 23, 2022Last Visited
User
Activity
User
Profile
Latest posts by PaulBarrington
| Subject | Views | Posted |
|---|---|---|
| 1172 | 10-02-2013 02:58 AM | |
| 5064 | 09-20-2013 04:52 AM |
User Badges
Community Statistics
| Member Since | 04-26-2013 01:25 AM |
| Date Last Visited | 02-23-2022 08:18 AM |
| Posts | 2 |
10-02-2013
02:58 AM
Hi folks, I am trying to set up a PA200, running 5.0.6, to use two ISPs and set one set of users to use one ISP and the other users to use the second ISP for their outbound traffic. My problem is that as these are ADSL circuits, each time the connection is made to the ISP, the next hop ip address may change and therefore the PBF rules that are there will fail. I've create test lab environment to simulate the customer's setup. I've created three zones (trusted1, trusted2 and untrusted) and a security policy that allows source trusted1 and trusted2 to go to destination untrusted. I also created two static routes (0.0.0.0/0) for both ISPs with the primary route to ISP1. This setup allows all traffic to flow through ISP1 unless ISP1 is down and then everything fails to ISP2. I then created two PBF rules. Rule1 allows trusted1 to the interface connected to ISP1 and Rule2 allows trusted2 to the interface connected to ISP2. In both PBF rules, I have not set a next hop ip address. With these PBF rules in place, the monitor tab shows that traffic from trusted1 and trusted2 are being passed to the untrusted zone, but no traffic is hitting the test routers. If I disable one of the PBF rules (either one), all of the traffic beings to flow through the interface of the disable PBF rule. Is there any way to set up a PBF rule(s) without setting a next hop address?
... View more
Labels:
- Labels:
-
Configuration
-
Networking
-
Set Up
09-20-2013
04:52 AM
Hi, I was wondering if any of you chaps and/or chapesses have come across a problem getting the correct User-ID information when using wireless authentication. The problem I have is that I have a Palo Alto firewall that happily uses the User-ID Agent from AD/Security Event log to get User-ID information about wired connections to their network. The customer also has an Aruba wireless network using 802.1x authentication via an NPS service backed off to their Windows AD. Because the authentication request appears to come from the Aruba Wireless Switch, via an NPS server on the network, the information recorded in the Security event log has the relevant user with the IP address of the wireless switch. The client device hasn't been granted any wireless network rights until it is authenticated, not even access to the DHCP server, and therefore doesn't have a IP address. Once the client is authenticated, it is issued an IP address, which doesn't match the one in the event log and therefore the Palo Alot doesn't tie this IP address to this user. Any assistance on this would be grateful.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-23-2022
08:18 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks