This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
About clonesheep
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About clonesheep
07-30-2022
62Posts
5Likes
2Solutions
Jul 30, 2022Last Visited
User
Activity
User
Profile
Latest posts by clonesheep
| Subject | Views | Posted |
|---|---|---|
| 381 | 07-26-2022 08:30 AM | |
| 1863 | 10-12-2020 06:10 AM | |
| 1017 | 10-05-2020 08:53 AM | |
| 4299 | 10-03-2019 01:30 PM | |
| 4383 | 09-26-2019 04:34 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 08-07-2018 02:22 AM | |
| 3 Likes | 05-29-2019 02:18 AM | |
| 1 Like | 02-26-2018 08:31 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 05-18-2016 05:24 AM |
| Date Last Visited | 07-30-2022 01:27 PM |
| Posts | 62 |
| Total Likes Received | 5 |
07-26-2022
08:30 AM
Hi all,
I have a PA220 managed with Panorama. Very cool mgmt and very powerful. Only the PA220 is a bit slow. My Situation - I have two internet connections (Eth 1/1 and 1/7) with fixed IP. Both have their own VR and therefore both have a null route. And both have own untrust1 and untrust2 zone. All my clients 10.10.10.x/24 are in trust1 zone and can connect by vr1 to www. Now I will set some clients by a PBF Rule to go all www traffic forward to eth 1/7 and next hop the public IP from eth1/7. It doesn't want to work the way I think it should.
In the traffic monitor I see the traffic that is also allowed. Zones are also allowed access, which fits. I have a suspicion that something is not working with the return route. In vr2 I have already set a route that when it goes to network 10.10.10.x/24 it should go to the next VR1. But that doesn't help either.
Anyone have an idea what it could be? Have worked like this https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/policy-based-forwarding/use-case-pbf-for-outbound-access-with-dual-isps#id1e130c06-0775-45d9-9f96-c416531fdb5f but there same routers are used.
... View more
10-12-2020
06:10 AM
Hello, I have a PA VM100 which hangs behind a dynamic public IP and it creates an IPSec tunnel to a PA220 with static public IP. So the tunnel can only be established by the VM100. On the PA220 I have activated "Enable Passive Mode" at IKE Gateway -> advanced Options. DPD Interval 5 and Retry 5. I also set up a tunnel monitor and gave the tunnel interfaces IPs. As tunnel monitor profile I chose default (wait recover - interval 3sek - threshold 5). Unfortunately the internet connection is not the best and there are always disconnections (more then 10 on a day). Sometimes the tunnel will rebuild itself, sometimes you have to take action yourself. Then you can see that on the pa220 under session there is still the session ipsec 4500. You can also see that the tunnel ipsec is still green but ike already red. What can I do to ensure that the tunnel rebuilds as quickly as possible in the event of a failure?
... View more
- Tags:
- ipsec
10-05-2020
08:53 AM
Hello, I have an active/passive PA220 cluster which unfortunately had a shutdown and now I want to find out what exactly the reason was. At Monitor -> System: HA Group 1: Dataplane is down: dataplane exit failure HA Group 1: Moved from state Active to state Non-Functional HA Group 1: HA heartbeat backup information has been used for HA state change Chassis Master Alarm: HA-event HA2 link down HA Group 1: Ignoring session synchronization due to HA2-unavailable All HA2 links down The dataplane is restarting. What could be the reason? Where can I find more details?
... View more
09-26-2019
04:34 AM
okay doesn't sound good. but then i'm not alone with my problem at least. i have a pa220 with panos 8.1.10. it's not related to the DNS setting. i've already tested that. it resolves correctly. maybe someone has a solution? PAN itself?
... View more
09-16-2019
02:58 AM
Hi have found my carriere vodafone use udp/500, udp/4500 and this is allowed in my policies. Loogin is there active. It can be the return traffic or any NAT Problem. There I didnt know exatly how to configure. Is there anywhere a good help for this?
... View more
09-13-2019
08:13 AM
Has anyone already got wifi calling via PA to run? I see in the session log the connections udp 500 and 4500 but wifi calling does not work on my iPhone 8. I have already excluded my AP, that's not the reason. At home router with itss integrated AP it ran - no problem. In which logs can I find something about this? I released ike and ipsec-esp-udp as well as tested them with any rule. have a static IP Internet connection. My policies for this are on trust untrust any
... View more
- Tags:
- wifi calling
05-29-2019
02:24 AM
Hello, everyone, Currently I have the problem to build an IPSec tunnel between a PA200 (A) and a PA220 (B). My one side A has a Telekom hybrid Internet connection (its a german product with LTE and cable connection) to a Speedport router. Thus only one dynamic official IP. The other side B is a normal company connection with a fixed IP address. I have configured my tunnel so that only side A is allowed to start the tunnel. (B side enable passive mode) If I now start the tunnel on page A, I also see in the monitoring at page B the requests ike on port 500 for port 500. Unfortunately then nothing happens further and page A has then a Faild Due to timeout. You can also see that page A transmits data but does not receive any data. What could that be? What is the best way to narrow down the problem?
... View more
05-29-2019
02:18 AM
3 Kudos
That was a stupid question. The solution can be found in the technical data sheet. the PA200 can only 50mbits as ipsec tunnel. That explains my problem.
... View more
05-15-2019
07:47 AM
Hi all, I have a IPSec VPN between a PA200 and a PA220. Now i'm transporting a file from the pa200 network via ftp through the side-to-side tunnel to the pa220 network. The connection between the PAs is a 300mbits synchronous connection. The dataplane cpu goes up to over 90% with PA200 and the bandwidth reaches only low 10mbyte/s. The interesting thing is, if I transfer 10 files at the same time, the speed goes up to about 20-25mbyte. Dataplane CPU is around 90-95% again. What could be the reason for this? How do I get more speed?
... View more
05-07-2019
08:08 AM
Hello, I have two PAs and want to build IPSec tunnels between them. one PA A has a static IP. The other PA B has two internet connections. One with a static IP and one with a dynamic IP. Now I want to build two tunnels from device B to the A side. my two internet interfaces eth 1/4 has the IP 192.189.5.4 and the router behind it has the IP 192.168.5.1. What should my routing look like? Both interfaces are in the same default VR. There I have a route 0.0.0.0/0 on interface eth 1/1 where my main internet connection is. My other side where the tunnel should terminate is the 1.1.1.1 IP. Don't really know right now.When my tunnel from eth 1/4 now start, it will go to the untrust zone of eth 1/1. Where can I find helpful information?
... View more
- Tags:
- IPSec tunnels
02-25-2019
07:51 AM
Okay look: MGT IP 10.0.8.1 eth 1/1 public IP eth 1/2 10.0.8.2 my trust network defualt virtual router route 0.0.0.0 to eth 1/1. So my Mgmt Rule Src 10.0.8.1 trust zone goes to untrust destiantion any. This is how PA Updates work fine.
... View more
02-25-2019
07:34 AM
But at the moment I have "Use Management Interface for all" and this will run. So I get PA Updates and Virusupdates and so on. For my MGT there is the default GW the eth2 and this I see in the Monitor Log. But no NTP 😞
... View more
02-25-2019
05:05 AM
Hi I have a problem with the NTP sync. When i make a "show ntp" NTP state: NTP not synched, using local clock NTP server: asia.pool.ntp.org status: rejected reachable: no authentication-type: none NTP server: pool.ntp.org status: rejected reachable: no authentication-type: none But my mgmt interface is alow via policy rule to use ntp. I am able to ping the ntp host and a traceroute runs good. So I search a bit you erros.. only found in sysdagent.log TIME: Unable to connect to asia.pool.ntp.org for ntpdate I test it with "debug software restart process ntp" Any Ideas?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-30-2022
01:27 PM
|
Likes Given To
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks