Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About Smi12
About Smi12
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
06-29-2018
16Posts
0Likes
0Solutions
Jun 29, 2018Last Visited
User
Activity
User
Profile
Latest posts by Smi12
| Subject | Views | Posted |
|---|---|---|
| 1030 | 03-04-2016 12:58 AM | |
| 1070 | 02-29-2016 01:40 AM | |
| 1104 | 02-25-2016 08:25 AM | |
| 1318 | 09-25-2014 07:35 AM | |
| 1725 | 09-25-2014 05:12 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 | |||
| 1 | |||
| 2 | |||
| 1 |
User Badges
Public Statistics
| Date Registered | 07-01-2013 08:35 AM |
| Date Last Visited | 06-29-2018 05:43 AM |
| Total Messages Posted | 17 |
03-04-2016
12:58 AM
Hello, it is the remote DNS server sending the "no such name" response. However what I was expecting is that for the reason the lookup contains a known malware domain it would trigger the PA to respond with the Sinkhole IP instead. Instead its not seen as Malware so does not trigger the sinkhole. I'm going to be spending some time next week looking at this again and will update.
... View more
02-29-2016
01:40 AM
Thanks for the response, for further info as of today we are running AV 1797-2276 and I have performed further tests.
My sinkhole spyware profile is configured like this:
I then attempt to lookup a known malicious domain. In the traffic logs I can see that my test traffic hits the correct security rule that should apply the dns sinkhole IP address. However it does not sinkhole the traffic and does not trigger a threat log for spyware domain.
Using packet capture I can see that my query contains the known malicious domain as below:
Does anyone have any further thoughts that may help please?
... View more
02-25-2016
08:25 AM
Hello, has anyone had any problems with DNS sinkhole not triggering on PAN-OS 6.1.4 ?
I have created a security policy for DNS traffic between a LAN side DNS server and a WAN side upstream DNS server, the Palo sits at the WAN edge between the two DNS servers. Attached to this security policy is an Anti-spyware security policy with DNS action alert. This works as expected, alerting every time a query for a known malicious domain is seen, so no problem seeing the traffic albeit with the LAN side DNS server as the source IP address.
So with a duplicate (higher) security rule and spyware policy now set to sinkhole, the traffic is seen as "DNS" by this new rule but does not trigger the treat and so does not receive the sinkhole IP address I have set.
Any help would be greatly appreciated.
... View more
09-25-2014
07:35 AM
Still trying to work out if the Linux based PAN-OS including that used by Panorama is vulnerable to this also? any thoughts HULK or mrsoldner ?
... View more
09-25-2014
05:12 AM
Is Palo vulnerable to the shell shock Linux bug? http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
... View more
09-24-2014
06:37 AM
Thanks for the info HULK and hshah , another trip to the SE.... I'm still waiting for ECMP a year on, so I will not hold any hope for another feature request.
... View more
09-24-2014
03:54 AM
Does anyone know if the BrightCloud® Real-Time Anti-Phishing Service works with Palo Alto NGFW's? (with the correct license of course?) BrightCloud Real-Time Anti-Phishing Service | Webroot BrightCloud
... View more
Labels:
- Labels:
-
App-ID
-
Configuration
-
Content-ID
12-12-2013
06:23 AM
Hello I'm currently configuring a PA-2050 running PAN 5.0.9 Can anyone confirm if the Application Override Policy match criteria should be configured to match on the Pre-NAT or Post-NAT zones and IP addresses. I'm assuming it will match in the same way as a security policy does, and use the Post-NAT Zone, while the IP address match is based upon the Pre-NAT original packet destination? I've just read the PAN 5.0 Admin Guide and it makes no mention of the Application override match criteria with regard to NAT and neither does . Any help would be appreciated, thanks in advance.
... View more
Labels:
- Labels:
-
App-ID
-
Configuration
-
Set Up
12-09-2013
01:15 AM
Thanks for the quick answers! It's very disappointing that PA do not support ECMP, especially as our current CheckPoint platform does: Routing Options Anyway we are raising this "feature" with our SE to confirm if it is under development. Thanks again.
... View more
12-06-2013
03:26 AM
We are in the process of replacing an internet facing Check Point (NokiaIP560) deployment with Palo Alto (PA-2050) running PAN-OS 5.0.9. The current checkpoint deployment has two equal cost default routes to the upstream providers routes. These two next hop IP addresses are the multi-group VRRP IP addresses to achieve outbound load sharing. Below is the "show route" output from the Check Point firewalls routing table, it appears to show two equal cost static default routes. S 0.0.0.0/0 via x.x.x.209, eth-s4p1c0, cost 0, age 31245795 via x.x.x.210, eth-s4p1c0 Does anyone know if Palo Alto will support the above equal cost/metric default route in the way Check Point does? If we attempt to add the two static routes as above, the commit fails with the error: In virtual-router default, the static route Default-2 metric value 10 is not unique among static routes to destination 0.0.0.0/0.(Module: routed) Config commit phase 1 aborted(Module: device) Commit failed If we are not able to duplicate the Check Point routing, we believe this would mean sending all outbound traffic on a single default route to a single upstream router IP address, and essentially loose the ability to load share the two upstream Internet circuits thus loosing 50% of outbound bandwidth. Does anyone have any suggestions on our scenario?
... View more
Labels:
- Labels:
-
Configuration
-
Networking
-
Set Up
11-08-2013
06:01 AM
I've inherited the management of a PA-500 that was previously linked to a Panorama server. When I try to commit I receive the following error VSYS1 Error: Number of profiles (4294967292) exceeds vsys capacity (50) (Module: device) Commit failed I've looked through the the configuration and there only appears to be a handful of av, malware, threat etc... profiles. I've even deleted every profile I can find and I still receive the above error. Short of a factory default I'm not sure what else to do. We are running PAN-OS 5.0.8 Can anyone help? Thanks
... View more
Labels:
08-08-2013
02:52 AM
Hello Did you ever manage to solve this issue with the control channel timeout? I have encountered the same problem, is it just a CLI command to alter the default 1800 idle session timeout?
... View more
07-26-2013
02:45 AM
Just a quick update to say the issue is logged with PA TAC their initial investigation is pointing towards a suspected bug.
... View more
07-24-2013
03:33 AM
Hello I'm trying to find out what the following two counters are all about and if our rate/count for these counters are anything to worry about regarding Data plane performance issues with our PA2050 Active-Active platform. Name Category Severity Aspect Value Rate aho_sw_fpga_unavailable aho warn pktproc 29184581 949 dfa_sw_fpga_not_loaded dfa warn offload 18083540 542 Any info would be greatly appreciated.
... View more
Labels:
07-23-2013
12:37 AM
Thanks for the Reply, See attached files: “PA-2050-1 - show running resource-monitor at time of high CPU.txt” – this was taken at the time of high CPU yesterday. All the remaining attachments were captured this morning, however all threat protection policies and logging are disabled to avoid having to physically bypass the Firewalls, so the rest of the attachments are after threat and logging were turned off. I’ve not posed the stats from the 2 nd PA-2050 as they are fairly similar to the Active-Primary one.
... View more
07-22-2013
08:58 AM
I'm experiencing frequent DP CPU spikes of 100% and averages between 80-95% on a PA-2050 Active Active deployment running 5.0.5. Our configuration is fairly simply with 2 vWire's per box for 2 security zones with async routing between the trust and untrust zones. We have only 5 security policies, with AV, spyware and vulnerability protection security profiles only. These profiles simply "allow" low/info/medium traffic and alert for high/critical and that's about it and a little bit of syslog. No VPN, no USER-ID, no global protect etc.. etc... However at peak times with around 75-90Mbps of throughput and ~96k sessions reported per PA-2050 we hit 90-100% CPU. Has anyone else experienced this sort of issue on a PA-2050 as the throughput numbers and session count are below the stated capability for the platform as below or is that simply too optimistic? PA-2050 1 Gbps firewall throughput (App-ID enabled 1 ) 500 Mbps threat prevention throughput 300 Mbps IPSec VPN throughput 250,000 max sessionsdata 15,000 new sessions per second 2,000 IPSec VPN tunnels/tunnel interfaces 1,000 SSL VPN Users 10 virtual routers 1/6* virtual systems (base/max 2 ) 40 security zones 5,000 max number of policies
... View more
Labels:
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
