About clonesheep

Hello, I have a PA VM100 which hangs behind a dynamic public IP and it creates an IPSec tunnel to a PA220 with static public IP.  So the tunnel can only be established by the VM100. On the PA220 I have activated "Enable Passive Mode" at IKE Gateway -> advanced Options. DPD Interval 5 and Retry 5. I also set up a tunnel monitor and gave the tunnel interfaces IPs. As tunnel monitor profile I chose default (wait recover - interval 3sek - threshold 5). Unfortunately the internet connection is not the best and there are always disconnections (more then 10 on a day). Sometimes the tunnel will rebuild itself, sometimes you have to take action yourself. Then you can see that on the pa220 under session there is still the session ipsec 4500. You can also see that the tunnel ipsec is still green but ike already red.   What can I do to ensure that the tunnel rebuilds as quickly as possible in the event of a failure?   ... View more

Hello, I have an active/passive PA220 cluster which unfortunately had a shutdown and now I want to find out what exactly the reason was. At Monitor -> System: HA Group 1: Dataplane is down: dataplane exit failure HA Group 1: Moved from state Active to state Non-Functional HA Group 1: HA heartbeat backup information has been used for HA state change Chassis Master Alarm: HA-event HA2 link down HA Group 1: Ignoring session synchronization due to HA2-unavailable All HA2 links down The dataplane is restarting. What could be the reason? Where can I find more details? ... View more

Has anyone already got wifi calling via PA to run? I see in the session log the connections udp 500 and 4500 but wifi calling does not work on my iPhone 8. I have already excluded my AP, that's not the reason. At home router with itss integrated AP it ran - no problem. In which logs can I find something about this? I released ike and ipsec-esp-udp as well as tested them with any rule. have a static IP Internet connection. My policies for this are on trust untrust any ... View more

Hello, everyone, Currently I have the problem to build an IPSec tunnel between a PA200 (A) and a PA220 (B). My one side A has a Telekom hybrid Internet connection (its a german product with LTE and cable connection) to a Speedport router. Thus only one dynamic official IP. The other side B is a normal company connection with a fixed IP address. I have configured my tunnel so that only side A is allowed to start the tunnel. (B side enable passive mode) If I now start the tunnel on page A, I also see in the monitoring at page B the requests ike on port 500 for port 500. Unfortunately then nothing happens further and page A has then a Faild Due to timeout. You can also see that page A transmits data but does not receive any data. What could that be? What is the best way to narrow down the problem? ... View more

Hi I have a problem with the NTP sync. When i make a "show ntp"   NTP state: NTP not synched, using local clock NTP server: asia.pool.ntp.org status: rejected reachable: no authentication-type: none NTP server: pool.ntp.org status: rejected reachable: no authentication-type: none   But my mgmt interface is alow via policy rule to use ntp. I am able to ping the ntp host and a traceroute runs good. So I search a bit you erros.. only found in sysdagent.log TIME: Unable to connect to asia.pool.ntp.org for ntpdate I test it with "debug software restart process ntp"   Any Ideas?   ... View more

Hi we use Aerohive AP and from there i get syslogs at my Kiwi Syslog Server. Like this one: ah_auth: add new RT sta: MAC=xxxxxxxx, IP=10.100.100.20, hostname=xxxxx, username=xxxxxx on wifi0.7 And now i need this information in the PA because there i only see in the traffic monitor the Source IP Adress from the AP and no Source User. How can i configure that the PA can take the log information from the kiwi syslog? Or is there an easy way to take the Aerohive Login/logout and device informations to the firewall?   Aerohive and Palo Alto Network have a cooperation... https://manualzz.com/doc/23623919/aerohive-and-palo-alto-networks ... View more