About Unibw

old thread but may help someone that runs into this issue that works in a M$ shop.. use Super Scopes in M$ DHCP ... View more

Hello,   We were also running into same issue, with NO tunnel monitors.   Every 3 seconds or 5 seconds our SPI will change, or reset to different; indicating that new 'interesting traffic' has been selected.   It was very weird behavior, certain hosts could ping fine but others wouldn't, tunnel kept resetting every 3-5 seconds.   The remote end/peer was Fortinet firewall.  Turns out, our peer was doing 'strict phase 2 IP selection' in Route-Based Tunnel.  In other words, in palo alto, even in route-based tunnel, we had to define proxy ID, and everything started to come normal!!!!! ... View more

hi  We have one customer using solarwinds IPAM but not able to get the ARP-IP mapping using snmp OID 1.3.6.1.2.1.4.22    can you please confirm us if its works with you or not .   thank you    ... View more

Thank you! You are right suggesting sinkholing.   I already use DNS sinkhole for but not every URL in category malware seems to be covered with a DNS suspicious signature.  Only small parts regarding the logs in my environment. Therefore PANW claims a block in the log but a parallel installed IDS shows, that the callback was already transported.   Is there another modus which withholds the HTTP Request until the respose is there?   Any idea why category malware is not completly covered by IDS signatures? ... View more

I agree with Greg on this one.   I'd highly suggest to your customer to NOT set a timer globally so high.  I'm sure impact would depend on the platform and amount of traffic, but the resource impact would probably be significant.   Timeouts are based upon IETF standards and application requirements.  Deviations of these standards should be based upon specific needs.   Just because 5 applications out of 2,400+ need a non-standard timer doesn't mean you change the entire design of the box. ... View more