About dan731028

Hey everybody, I'm setting up a 7050 with a log forwarding card to a dedicated log collector.  On the log collector, I have it set to device log collection and collector group communication on ethernet1/5.  I have log settings configured as well as a log forwarding profile.  With traffic running through the firewall, I'm seeing hits against rules on the 7050, but when I run "show logging-status device <SERIAL>" I see the destination IP of ethernet1/5, and I'm seeing logs received for system and config, but I'm not getting any traffic logs.  In the panorama manager, I can see the system and config logs, but I'm not seeing any traffic logs.  Any ideas what could be the issue?   ... View more

I've been doing some tinkering with a pair of 3220s and am noticing that in the GUI it's reporting HA1 Backup is down in the HA widget of the dashboard if I use the HA1-B port.  HA1-A is up, and if I use the management port for HA1-Backup, it comes up fine.  I configured HA1-B the same as HA1-A, only using a different /30 network.  I've tried different cables, and the firewalls are both directly connected.  The activity lights show up on both HA1-A and HA1-B, and if I look at the ports in the firewall CLI they both show 1000/full/up.  Is there something different that has to be configured with HA1-B to get this to work?  I'm assuming there's no known bug as I didn't see anything in the release notes.  Anyone else run into this?   ... View more

Hello All.  I set up the directory service for the first time yesterday.  Everything works, but I noticed the certificate I have to create is only valid for 3 months.  Do i have to renew it every 3 months? ... View more

I've set up my first LSVPN deployment and everything has gone without a hitch.  The only issue I ran into, we were doing an upgrade of PAN-OS on the gateway and satellites.  Satellites all went fine, but my gateway bombed out (first time its happened to me).  We were in an HA pair, but I had duplicate IPs on the network once the passive box rebooted, but I could never communicate or pass traffic with the passive box. Once I got the bad actor off the network and replaced with an on-site spare and the environment back up and stable, the Satellites didn't reconnect.  It took upwards of 45 minutes to get them back online.  It appears once the tunnel goes down on the satellite there's no way to recover until the next portal or gateway check-in.  I was in process to manually reconnect the firewalls, but they came up while I was en route. So, I've read the tunnel monitor difference between IPSEC and LSVPN and looked over the LSVPN deployment guide, but I guess I'm missing how the satellites will recover if connectivity to the gateway is lost.  Currently, I don't have a tunnel monitor set up on the Gateway.  Should I change this monitor to the physical IP of the gateway instead of letting the monitor default to the tunnel interface of the gateway?  Would this improve recovery time? Thanks for any help!  ... View more