cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About LCMember4164

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Re: PAN-OS 8.1 User-ID problems

by in General Topics
‎12-10-2018 05:19 AM
‎12-10-2018 05:19 AM
Thank you, with the help of one of the docs you shared I was finally able to solve this. It was the domain-map not woriking well, this doc ( https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFnCAK ) is absolute GOLD! With some packet captures I was able to troubleshoot a problem related to the retrieval of the partitions from a Domain Controller. Changed the binding on LDAP of one of the root domain controllers and all started to work ! BTW I already had a group mapping configured on one of the root DCs but i was using the Global Catalog service istead of the normal LDAP.   Thank's! ... View more

PAN-OS 8.1 User-ID problems

by in General Topics
‎12-05-2018 03:27 PM
1 Kudo
‎12-05-2018 03:27 PM
1 Kudo
Hi there, I have some problems with a user-id installation on PAN-OS 8.1.4, scenario: 1) Windows AD Domain Forest, with around 6/7 domains 2) I'm only interested in authenticating users from one of the domains in the forest 3) I've correctly connected the firewall to the local domain controllers and pulled out ip to user mapping 4) I've also correctly connected the firewall to the ldap servers for group mapping, groups are populated correctly The domain is in the form: my-local-domain.myforest.local Problem: Some users are detected as my-local-domain\username while some others are detected as my-local-domain.myforest.local\username and this gives me some problems because only users in the form my-local-domain\username are correctly mapped to groups. I've already checked all the new documentation on user-id in 8.1 but cannot make it work 😞 Looking at one of the users attributes: show user user-attributes user my-local-domain\SOMEUSER Primary: my-local-domain\SOMEUSER        Email: SOMEUSER@mydomain.com Alt User Names: 1) SOMEUSER@mydomain.com 2) my-local-domain\SOMEUSER.USERNAME 3) my-local-domain\SOMEUSER 4) SOMEUSER@UPN   Basically i would like to configure an Alternate username in the form: my-local-domain.myforest.local\SOMEUSER is it possible using the new "Alternate Username" feature ? if so... how ?   thank you!         ... View more

Enable/Disable security rules via XML API

by in Automation/API Discussions
‎12-31-2014 02:43 AM
1 Kudo
‎12-31-2014 02:43 AM
1 Kudo
Hi all, is it possible to enable / disable an existing security rule via XML API ? Looking at the documentation (both the XML config guide and the api on the firewall) I found no useful informations on this topic thank's ! ... View more

Re: maximum number of bgp routes

by in General Topics
‎03-14-2013 01:06 AM
‎03-14-2013 01:06 AM
thanks! very useful table ... View more

maximum number of bgp routes

by in General Topics
‎03-13-2013 01:27 PM
2 Kudos
‎03-13-2013 01:27 PM
2 Kudos
hi, is there a maximum number of bgp route entries supported for the 5000 series ? does it support a full ipv4 routing table ? i cannot find any docs or data sheets with this kind of limits detailed... thanks ... View more
Labels:

Re: Problems with Aggregate Ethernet in HA configuration

by in General Topics
‎03-06-2012 07:02 AM
‎03-06-2012 07:02 AM
Problem solved. Just updated PAN-OS version from 4.1.1 to 4.1.3 and now it's working! btw didn't find anything in the release notes... ... View more

Re: Problems with Aggregate Ethernet in HA configuration

by in General Topics
‎03-03-2012 02:58 AM
‎03-03-2012 02:58 AM
Yes you are right, attached you'll find my ha config! I'm not using preemption and link monitoring right now. The only thing i added just to be sure is a backup dataplane link. All the links are directly connected between the firewalls with cross cables. I also tried to change the Passive Link State to Auto, as suggested by the documentation, but the problems persist... thanks! marco ... View more

Problems with Aggregate Ethernet in HA configuration

by in General Topics
‎03-02-2012 08:10 AM
‎03-02-2012 08:10 AM
Hi all, i'm setting up two PA 5020 in Active/Passive HA and I'm having some problems with Aggregate interfaces. I'm using 4 ethernet interfaces per device: ae.1 - trust zone (two physical ethernet interfaces) ae.2 - untrust zone (two physical ethernet interfaces) The device is operating in L3 mode with static routes. If I use a single device, all works flawlessly. If i try to enable HA i start getting packet loss (>5-10% in a LAN environment). If i try to shutdown one of the ports for each port-channel, i'm still getting packet loss. I've also tried to reconfigure the HA pair without Aggregate interfaces and in this case all works perfectly. I really cannot undestand why i'm getting so much packet loss, it doesn't seem to be just an aggregate ethernet issue, because with a single device it works... it also doesn't seem to be only an ha issue, because in ha without aggregate ethernet interfaces it just works perfectly... but when i'm using both ae and ha it just blows up 😞 On the switch side, all seems ok, no errors, nothing strange. Here some configuration snippets, maybe it's just a stupid issue... i'm a newb with this gear 😉 The switch configuration ( cisco 3750 right now, also tried with a 6509 with the same results): interface Port-channel9 description * FW1 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate spanning-tree portfast trunk ! interface Port-channel10 description * FW1 - Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate spanning-tree portfast trunk ! interface Port-channel19 description * FW2 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate spanning-tree portfast trunk ! interface Port-channel20 description * FW2 - Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate spanning-tree portfast trunk ! interface FastEthernet1/0/1 description * PAN-FW1 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate channel-group 9 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/2 description * PAN-FW1 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate channel-group 9 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/3 description * PAN-FW1 - Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate channel-group 10 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/4 description * PAN-FW1 - Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate channel-group 10 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/13 description * PAN-FW2 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate channel-group 19 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/14 description * PAN-FW2 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate channel-group 19 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/15 description * PAN-FW2 Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate channel-group 20 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/16 description * PAN-FW2 Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate channel-group 20 mode on spanning-tree portfast trunk ! ... View more
Labels:
LCMember4164
‎10-18-2019
since ‎02-20-2012
L1 Bithead
User Activity
User Profile
Latest posts by LCMember4164
View All
My Liked Posts
View All
User Badges
Public Statistics
Date Registered ‎02-20-2012 07:00 AM
Date Last Visited ‎10-18-2019 06:13 AM
Total Messages Posted 8
Total Likes Received 4
Ask Questions Get Answers Join the Live Community
Contact Me
Online Status
Offline
Date Last Visited
‎10-18-2019 06:13 AM
Latest Tags
No tags yet
Likes Given To
View All
Likes From
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks