This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About wimjuste
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About wimjuste
07-18-2022
16Posts
2Likes
0Solutions
Jul 18, 2022Last Visited
User
Activity
User
Profile
Latest posts by wimjuste
| Subject | Views | Posted |
|---|---|---|
| 2998 | 10-11-2013 01:22 AM | |
| 3178 | 10-01-2013 01:03 PM | |
| 4480 | 04-15-2013 07:46 AM | |
| 4480 | 04-13-2013 01:20 PM | |
| 1615 | 04-12-2013 12:10 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 10-11-2013 01:22 AM | |
| 1 Like | 10-01-2013 01:03 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes |
User Badges
Community Statistics
| Member Since | 08-14-2012 10:43 AM |
| Date Last Visited | 07-18-2022 02:11 AM |
| Posts | 16 |
| Total Likes Received | 2 |
10-11-2013
01:22 AM
1 Kudo
Meanwhile I also received feedback of our Palo Alto Networks local systems engineer. Allow me to share this information, because it revealed to root cause / answer to our problem. NAT device binding options include the following: Device 0 and Device 1—Translation is performed according to device-specific bindings only if the session owner and the device ID in the NAT rule match. evice-specific NAT rules are commonly used when the two firewalls use unique public IP addresses for translation Both—This option allows either device to match new sessions to the NAT rule and is commonly used for destination NAT Primary—This option allows only the active-primary device to match new sessions to the NAT rule. This setting is used mainly for inbound static NAT, where only one firewall should respond to ARP requests. Unlike device 0/1 bindings, a primary device binding can move between devices when the primary role is transferred
... View more
10-01-2013
01:03 PM
1 Kudo
Dear all, I've configured my Palo Alto Cluster in a L3 Active / Active cluster setup. While I was trying to implement a NAT policy (Source Address Translation), it turns out that the only options that are working are: "0" and "1", as a reference to the member of the active/active cluster which should take care of the Address Translation. It turns out that the other option are not accepted by the PAN-OS while trying to push/commit the previously defined NAT policy (results in ERROR) Would be works as designed? Because, as a workaround I cloned the NAT rule, using either active/active binding to "0" and the exact same NAT rule, using active/active binding "1". Seems to be working fine, although I can imaging that the option "PRIMARY" would allow us to create this NAT rule ONLY ONCE. Thanks ! Kind regards, Wim
... View more
04-15-2013
07:46 AM
The assigned system support engineer provide exactly the same information as described by you. Concerning the 'awkward' phenomenon about starting fined grained information after having build that custom report, that must have been a coincidence/mix up. Now, all information is available while drilling down into menus of the Application Command Center. Thanks again for your valuable feedback.
... View more
04-13-2013
01:20 PM
Hi Mkiand, Thx for your suggestions ! Yes indeed: - NTP has been configured, even before the (data) interfaces were connected. So, onboard time sync was and is now also still in sync. - For data we want to see, there's an LOG AT START enabled. Should both (start/end) be enabled preferably to have correct and relevant data in ACC ? I already informed our Palo Alto engineer about this issue. He asked to open a support case in order to have a closer look. Just 1 remark: I don't know whether there's a link between both, but after creating a CUSTOM REPORT which forced to get data from the threat database for the past +/- 24hours, drilling down into the "Threat monitor" reveals fine grained information about sources/destations/etc. So, I tried to build a similar custom build report that forced to fetch data from "traffic" database, though the result was not successful: "no matching record" after drill down in the "Traffic monitor" I'll keep this thread up to date once a solution is provided from the support case.
... View more
04-12-2013
12:10 AM
Thx Bulent, From a secure configuration baseline policy point of view, deleting (or rather replacing it) the default administrative accounts, should be the first thing to do
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-18-2022
02:11 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks