About inzamam.shahid

Greetings,   I hoping you guys can help me with getting to a website called "https://www.labeebyacademy.co.uk/".   When a user tries to go to this website it does not load. When going through my other firewall of the other site it works fine.   I have tried several things on the firewall, but this still fails to load.   The website resolves to 46.37.179.197. I have PCAPs on this from the firewall.   I have tried several things from the firewall:   -Tried creating an allow all policy for one IP -Checked the correct NAT policy is being applied -dropped the MTU size on the external interface to various values, but this made no difference -disabled the decryption rules   Now I have come to the stage of doing the pcaps from the firewall.   I do suspect this to be an MTU issue. I am not sure if reducing the MTU on the external interface was correct.   I have uploaded the PCAPS here hope you guys can advise further.   Many Thanks,           ... View more

Hi Guys,    I hope you guys can help with classifying unknown traffic.    I have read many forums for this topic none of which answer my specific question. I understand that should create a custom app if your application bespoke and it is unlikely that an APP-ID would be created.    However, I am expereincing an issue with an application called "commvault" the firewall already recognises this app, but my rule does not work as the traffic is being identified as "unknown-tcp" I do not understand if the firewall already reconises this app why is this being recognised as unknown. Can you also share with me the correct procedure of getting the traffic classified as "commvault" application?    I already have PCAPS from the firewall, but do not know where this should be raised.    Many Thanks,  ... View more

Greetings,   I wish to run an issue that one my sites is experiencing with a site to site VPN. The issue that is experienced is that some applications mainly mail application will show up in the logs as incomplete. I will aim to give you the full picture of this so you can understand the setup and hopefully advise of a solution.   (Working Site)SITA A – Aruba controller that has a site to site VPN connection to a PALO. Between the PALO and the Aruba controller there is a MPLS network for this site. The applications are identified correctly and everything is working fine. This site uses a 10.10.x range for clients. The traffic is NATTED correctly and no asymmetric routing is detected.   (Not working site)SITE B – Aruba controller is physically connected to a PALO, which has a site to site VPN connection to another PALO through an MPLS network. The application here get identified as incomplete when they hit the first palo which is directly connected to the Aruba controller. This site uses a 10.11.x range for clients, the traffic is NATTED correctly and no asymmetric routing is detected. It just some applications get identified as incomplete.   I have dropped the MTU size between the tunnels and this has made no difference. I have compared the traffic range of 10.10 and 10.11 and both are the same, but 10.11 shows the traffic as being incomplete. I have created an any any rule for a test user and still it does not work for them. I have tried to use application over ride, but application does not work correctly.   Just want to know if you guys have similar problems and hopefully can advise me going forwards. I can draw up a quick network diagram if required.   Many Thanks,   ... View more

Greetings,   I am not sure if someone else has come across this issue before with global protect and just wanted to run by some of you guys.   The issue that I am having with GP is that it randomly disconnects. The VPN connection perform fines when under relatively light load with no issues or disconnects. The issue arises when you begin to push the limits of the connection speed.   This issue has been going on for a while and I am no wiser on how to solve this. When it first started my broadband connection was 6mb down and 1mb up that was a normal connection without the VPN. When connected on the GP the connection would show 3mb down and 1mb up. In this scenario, checking mails, general web browsing were fine, but doing something like adding a video to a skype call would cause the connection to drop, as it was too near the upper bandwidth for it to handle.   I then changed my broadband provider to rule that out of the equation. I went to a fibre connection, which a speed test showed 60 and 70mb down/18mb up. The same problem is still there, but because I have raised the threshold of the what stresses the connection, I can now skype video etc without issue. However, if I were to download a large file from the web, or copy large files from a file server, the problem still remains.   One of two things will happen. Either A) the connection will slow significantly. During this period, you can see that the outbound traffic on the local adapter is often 2-3 times higher than the traffic on the PanGP virtual adapter, due to the sheer volume of retransmits occurring. Or B) the connection will perform well for a minute or two, and then suddenly cut out. Sometimes it is a combination of the two, with reduced speed due to retransmits, followed by a cut out.   Most of the time this does not affect me too much, because I do not move large files about. However, a couple of days ago I had to download a 2GB update, this led to disconnects every 60 – 120 seconds and made my machine unusable during the download time.   I am not the only user who is experiencing this issue – I have spoken to other VPN users on different broadband providers having the same issue.   The system log of PALO shows a connection released message.   The logs on the GP client shows:  Window session changed with state 4 user is switching off. user disconnected with state = 4   The version of GP we are using is 3.1.0, but experienced this issue on multiple other versions.   Not sure what to do from here so if anyone can share some valuable knowledge/experience on this.   Many Thanks, ... View more

We have configured a log card interface on one of our 7050 devices for submission to wildfire. This is not working.  Our testing shows we cannot ping the default gateway conifgured on the interface. If we ping from the router, then no response is recived, but the packet count on the log card interface increases according for both recicieved and transmitted packets.    Any ideas would be greatly appreciated.    ... View more

Hello People,    My client has receently upgraded to 7.1.3 and now the management plane is constantly running 100% on all firewalls.    This is the following message displayed and filling up the userid.log   2016-07-22 16:43:38.660 +0100 Error: pan_user_id_agent_msgs_queue_msg(pan_user_id_agent_msgs.c:58): failed to insert msg into sending msg list   We have restarted the user-id process, but that has not made a difference. Here is the output of show system resource follow:   Khipu@VH-PA-3020> show system resources follow top - 16:57:59 up 4 days, 19:27, 1 user, load average: 0.59, 0.34, 0.39 Tasks: 109 total, 1 running, 108 sleeping, 0 stopped, 0 zombie Cpu0 : 71.3%us, 23.0%sy, 0.0%ni, 2.0%id, 0.0%wa, 0.0%hi, 3.7%si, 0.0%st Cpu1 : 58.8%us, 24.9%sy, 1.3%ni, 2.3%id, 0.0%wa, 0.0%hi, 12.6%si, 0.0%st Mem: 3850716k total, 3535912k used, 314804k free, 39776k buffers Swap: 2008084k total, 706888k used, 1301196k free, 1192424k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 13691 root 20 0 1990m 1.8g 117m S 171.6 48.4 29:16.95 useridd 3980 root 20 0 784m 46m 2756 S 14.6 1.2 682:57.29 logrcvr 10158 root 20 0 699m 55m 5428 S 1.3 1.5 14:23.74 mgmtsrvr 2338 root 30 10 18360 4864 2440 S 0.7 0.1 4:43.39 python 2278 root 0 -20 52896 9.8m 2788 S 0.3 0.3 8:25.44 masterd_apps 2296 root 15 -5 21664 3016 1660 S 0.3 0.1 18:26.08 sysd 3970 nobody 20 0 139m 3120 2260 S 0.3 0.1 36:37.83 appweb3 3979 root 20 0 69472 2432 2184 S 0.3 0.1 9:50.96 ikemgr 26387 Khipu 20 0 2532 1116 836 R 0.3 0.0 0:00.05 top 1 root 20 0 2084 600 572 S 0.0 0.0 0:02.87 init 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd 3 root RT 0 0 0 0 S 0.0 0.0 0:01.36 migration/0 4 root 20 0 0 0 0 S 0.0 0.0 0:05.94 ksoftirqd/0 5 root RT 0 0 0 0 S 0.0 0.0 0:01.26 migration/1 6 root 20 0 0 0 0 S 0.0 0.0 0:07.95 ksoftirqd/1 7 root 20 0 0 0 0 S 0.0 0.0 0:15.46 events/0 8 root 20 0 0 0 0 S 0.0 0.0 1:00.75 events/1 9 root 20 0 0 0 0 S 0.0 0.0 0:00.01 khelper     Khipu@VH-PA-3020> show system resources follow top - 16:58:58 up 4 days, 19:28, 1 user, load average: 0.58, 0.36, 0.39 Tasks: 110 total, 1 running, 109 sleeping, 0 stopped, 0 zombie Cpu0 : 71.1%us, 20.9%sy, 0.0%ni, 3.3%id, 0.0%wa, 0.0%hi, 4.7%si, 0.0%st Cpu1 : 56.1%us, 25.6%sy, 0.3%ni, 3.0%id, 0.0%wa, 0.0%hi, 15.0%si, 0.0%st Mem: 3850716k total, 3462776k used, 387940k free, 39976k buffers Swap: 2008084k total, 706840k used, 1301244k free, 1056956k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 13691 root 20 0 2063m 1.8g 117m S 171.2 50.0 30:58.85 useridd 3980 root 20 0 784m 47m 2756 S 14.6 1.2 683:06.00 logrcvr 10158 root 20 0 699m 55m 5428 S 1.3 1.5 14:24.19 mgmtsrvr 2296 root 15 -5 21664 3016 1660 S 0.7 0.1 18:26.21 sysd 2338 root 30 10 18360 4864 2440 S 0.7 0.1 4:43.46 python 26577 root 20 0 2164 720 592 S 0.7 0.0 0:00.02 ping 2278 root 0 -20 52896 9.8m 2788 S 0.3 0.3 8:25.52 masterd_apps 3960 root 20 0 760m 4316 2180 S 0.3 0.1 15:40.80 mongod 3970 nobody 20 0 139m 3120 2260 S 0.3 0.1 36:38.15 appweb3 3979 root 20 0 69472 2432 2184 S 0.3 0.1 9:51.05 ikemgr 3984 root 20 0 71716 1872 1544 S 0.3 0.0 2:18.80 l2ctrld 3993 root 17 -3 144m 4484 3200 S 0.3 0.1 1:58.73 routed 11443 root 20 0 13740 2592 1884 S 0.3 0.1 8:00.72 packet_path_pin 1 root 20 0 2084 600 572 S 0.0 0.0 0:02.87 init 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd 3 root RT 0 0 0 0 S 0.0 0.0 0:01.36 migration/0 4 root 20 0 0 0 0 S 0.0 0.0 0:05.94 ksoftirqd/0 5 root RT 0 0 0 0 S 0.0 0.0 0:01.26 migration/1 6 root 20 0 0 0 0 S 0.0 0.0 0:07.95 ksoftirqd/1       Khipu@VH-PA-3020> show system resources follow top - 16:59:12 up 4 days, 19:29, 1 user, load average: 0.45, 0.34, 0.38 Tasks: 110 total, 1 running, 109 sleeping, 0 stopped, 0 zombie Cpu(s): 52.1%us, 15.8%sy, 0.1%ni, 25.4%id, 0.4%wa, 0.0%hi, 6.2%si, 0.0%st Mem: 3850716k total, 3530968k used, 319748k free, 40032k buffers Swap: 2008084k total, 706804k used, 1301280k free, 1106224k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 13691 root 20 0 2072m 1.9g 117m S 165.5 50.5 31:23.48 useridd 3980 root 20 0 784m 47m 2756 S 13.3 1.3 683:08.13 logrcvr 8804 root 20 0 43960 8552 2288 S 1.9 0.2 9:01.24 snmpd 1 root 20 0 2084 600 572 S 0.0 0.0 0:02.87 init 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd 3 root RT 0 0 0 0 S 0.0 0.0 0:01.36 migration/0 4 root 20 0 0 0 0 S 0.0 0.0 0:05.94 ksoftirqd/0 5 root RT 0 0 0 0 S 0.0 0.0 0:01.26 migration/1 6 root 20 0 0 0 0 S 0.0 0.0 0:07.95 ksoftirqd/1 7 root 20 0 0 0 0 S 0.0 0.0 0:15.47 events/0 8 root 20 0 0 0 0 S 0.0 0.0 1:00.76 events/1 9 root 20 0 0 0 0 S 0.0 0.0 0:00.01 khelper 14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 async/mgr   If you could let me know how to reduce the CPU that would be great.    Thanks,  ... View more

Hi Community,    I just needed to run a niggling issue with some of you as we are experienicing with our global protect.    We have global protect to do pre-logon connection to the global protect gateway. Once the user is authenticated we except drives to be mapped. However, we are experiencing an intermitten random issue where sometimes all the drives are mapped fine, sometimes only some of them are mapped. We would like to improve the experience for global protect users.    When the users are connecting during the logon process it is hard to identify the parts of the logs which are relevant only to the drive mapping. The mappings are to integrated DFS servers.    Looking through the logs, once the user has logged in, there does still appear t o be a number of connections with no user against them, I believe these connections to be left over from the pre-logon connection before the user logged in (I may just be misreading the logs)     On the user-id agent would you recommending enabling the client probing would this actually help? Is there any other suggestions on what we can do to improve this experience.    Is delaying the way the drives are mapped should we delay the drive mapping process? Would this help and how can this be achieved?   Just putting this out there so we can get some ideas on this. Your help would be greatly appreciated. Please let me know if you need any further info.    Thanks ... View more

I see lots of posts of how to install and use the migration tool, but can someone please provide steps on how to install it properly. ... View more