This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About SmartEdgeJC
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About SmartEdgeJC
03-21-2019
7Posts
0Likes
0Solutions
Mar 21, 2019Last Visited
User
Activity
User
Profile
Latest posts by SmartEdgeJC
| Subject | Views | Posted |
|---|---|---|
| 2670 | 09-08-2014 08:31 PM | |
| 2670 | 09-08-2014 07:50 PM | |
| 2769 | 09-03-2014 08:12 PM | |
| 2767 | 09-23-2013 03:01 AM | |
| 2767 | 09-23-2013 02:48 AM | |
| 2938 | 09-23-2013 02:47 AM | |
| 3117 | 09-21-2013 06:56 PM |
User Badges
Community Statistics
| Member Since | 04-26-2013 05:35 PM |
| Date Last Visited | 03-21-2019 02:11 AM |
| Posts | 7 |
09-08-2014
08:31 PM
Hi Hulk, thanks for your reply. I sure hope that's the case, but given my experience with this particular ISP, I wouldn't put anything past them... They are truly, amazingly horrific. Fingers crossed I don't have to babysit this in the future! Cheers, --jeff
... View more
09-08-2014
07:50 PM
Thanks for your reply, Steven. The problem still seems to be that I have to specify a next-hop in the PBF policy, and the next-hop is subject to change... right now I have just copied the gateway pulled via DHCP from the interface to the PBF policy. Is there a way to do this without PBF that I'm not seeing? Thanks, --jeff
... View more
09-03-2014
08:12 PM
Hi all, I have a client who has (for reasons beyond my ability to comprehend) decided to be pathologically cheap about one ISP link at one of their sites (running a PA-200), and are dropping their static IP in preference for more bandwidth at less cost. Anyway... Stable internet connectivity via any available ISP at this particular site is a dicey proposition, so failover is a must. Presently, I have three virtual routers -- one for each ISP, and an internal VR (which runs OSPF on VPN tunnel interfaces linking to other sites). Each ISP VR has a default route to the ISP's next-hop, and routes to the internal subnets via the internal VR. The internal VR has a default route to next-vr ISP2-VR. ISP2 is more reliable than ISP1, but a lot slower, so I have a PBF rule having internet-bound traffic forwarding via ISP1, next-hop being the ISP1 gateway, fail-over monitoring one of that ISP's DNS servers. This has been working extremely well. Now that they are pulling the static IP off of ISP1, I have to figure out a way to prefer it without always knowing what the next-hop is, as that will be pulled into ISP1-VR by the DHCP client, and will be subject to change with no notice. The first way that crossed my mind was to have another router (something cheap and cheerful like a MikroTIK) between the PANFW and the ISP, and have it do the NATing... but I would like to be able to remotely manage the PANFW via the ISP2 static IP, and look at what IP address it is pulling from ISP1 via DHCP... I don't want to have to regularly log into another device, or teach others how to do so. The second way I thought of was to have PBF egress via a new physical L3 interface on the internal VR, next hop out to another external physical router (MikroTIK, etc), then have that external router throw the traffic back into the PANFW on another L3 interface on the ISP1-VR which will send it out via whatever default route has been pulled from the ISP............ but that sounds pretty kooky. Does anyone have any better ideas on how I might accomplish this? Many thanks for your thoughts! Cheers, --jeff
... View more
Labels:
- Labels:
-
Configuration
-
Networking
09-23-2013
03:01 AM
The use case here is for some employees with Macs to be able to log into the terminal server from home. I'm told that connecting a Mac to a Sonicwall can be a pain in the backside. Obviously GP works on OS X, and I bet the built in VPN client would work fine as well... but the preference at this point is to rock the boat as little as possible to get the blue device in the door. I considered throwing it in in vwire mode but one of their pain points is how pokey the Sonicwall is with all the security features turned on.
... View more
09-23-2013
02:48 AM
I imagine that if they buy this thing after the POC that they'll be deploying GP, but sadly for now I have to figure out how to do this without otherwise it isn't going to fly......................
... View more
09-23-2013
02:47 AM
Outside on the internet. Thanks, --jeff
... View more
09-21-2013
06:56 PM
Hi all, I am configuring a PA-500 for a POC exercise with a customer who is currently using a Sonicwall. While there are obviously other/better ways to accomplish this and I realize how silly this is, given the limited scope I'm presently working in, I need to find a way to replicate a feature they presently "require". In Sonicwall world, a user outside the corporate network can browse to the WAN IP of the firewall and log in with their credentials to become a "Trusted User" on the firewall. A firewall rule applying only to "Trusted Users" then allows them to RDP to a different IP in their /28 which gets NAT-ed through to a Remote Desktop server on the inside. Kind of a "Captive Portal in reverse", I guess. Is there any way to replicate this functionality as closely as possible in PAN world?? Many thanks! --jeff
... View more
- Tags:
- sonicwall
Labels:
- Labels:
-
Configuration
-
User-ID
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-21-2019
02:11 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks