About nevolex

hi I have been having hard times configuring this simple task   I have 2 tsp links, ips / gateways are dynamic.  I am using default router metric for primary as 10 and the secondary as 30. However randomly the secondary takes over for no reason. Also if I unplug the primary, the secondary does not really failover.   there is path monitoring etc, but all is related to static routes, is there solution that would work with dynamic routing?   thank you   ... View more

Hi folks I am having issues with access via ssh from macos/ linux pcs   pc ~ % ssh admin@10.10.10.1                                                                                                                                           Unable to negotiate with 10.10.10.1 port 22: no matching host key type found. Their offer: ssh-rsa                                                                           I can access it using this modified command:    ssh -oHostKeyAlgorithms=+ssh-rsa admin@10.10.10.1   I have added these options to ssh profile, restarted ssh server/ rebooted as well for testing, but still getting same results    Unable to negotiate with 10.10.10.1 port 22: no matching host key type found. Their offer: ssh-rs     Does anyone know what needs to be configured on the palo alto to resolve ssh compatibility issues? thank you ... View more

Hi guys,   I have logged the case with palo alto with 'no issues found' response I would like to ask if anyone can kindly test for me   I have converted to an advanced routing engine (pan os 10.2.4) conversion when fine, no issues, green light upon conversion results    all my static routes stopped  working after that, they are like being ignored    every static route entry (exiting and new) now has this strange line in the wizard     " vrf.entry.*. routing   table.ip.static   route .entry.*.bfd.profile "   I think it's a bug, can anybody please try to create a single route, do you see that line as well in the new route creation box?   "vrf.entry.*. routing  table.ip.static  route .entry.*.bfd.profile"   thank you for any help see an example attached ... View more

hi guys,    I searched through and it looks like it's an know issue that speedtest.net is not correctly identified by app-id    I use app -default setting on the policy  The policy cannot  really see speedtest.net's traffic and identifies  the traffic as ssl, speedtest uses customer port tcp 8080 which is obviously not part of ssl app id defined by pal alto    to bypass i have added under service custom port 8080 tcp and app as ssl, not speedtest app id as it was not identified and working  anyway  - it works this way    but later on I have enabled ssl decryption for testing purposes, hoping  that the app will be correctly identified byt the firewall, however it did not work, palo alto still sees  speedtest .net as pure ssl traffic    what can be a problem?   thank you   ... View more