About DKanta

Hi Everyone,   i need your help to better undestand how DNS Sinkhole actually works. I mean, i know how it works, how to configure it, but i'm facing a strange behaviour i cannot understand. In the photo i have uploaded i have an example. Both source and destination are in the same subnet (i have obscured the first two octects for privacy) the destination of the log (99.7) should be the client trying to contact the C2 domain, but the source doesn't exists! It's not the interface IP of PA, nor a host in the subnet! this is not the only log showing this, there are many of them, and every one have this particularity: the source is always a previous or following IP (for example, if the destination IP is 99.100, i can find sources 99.99 or 99.101, and so on).   Can someone who better knows this function heelp me understand what is happening?   Regards, Daniele ... View more

Hi Guys,   we have a problem: if a pc is in the lan, behind the firewall, we are not able to log in to office365, but if we use an external connection it works. i don't see any log with application containing 'office' We have not decryption enabled, PA-3020 with 7.1.14   Do you have any hint? Regards, Daniele ... View more

Hi Guys,   customer connected a Mac (OSX 10.13.2) using global protect and other vpn client (native and cisco), but i can't reach a remote server.   Doing a packet capture i found the PA (pa-3020, 7.1.14) doesn't forward the reply packet. [Mac]--------->[PAN] --------->[Server]        OK [Mac]               [PAN]<---------[Server]        PAN stops return traffic   i thought it was a problem caused by a third-party vpn client, but they told me the same issue is present when GP is used, but they told me all problematic users use a Mac.   Do you have some hints?   Regards, Daniele ... View more

Hi All!   i have this problem: when customer downloads, it is very slow, with isp he bypassed the PA device and it was faster. I created a new rule without any security profile to verify if it was caused by them, but customer says it is the same (and it could be slower).   QoS is not enabled.   Do you have any suggestion about this problem? Some function to check?   Regards, Daniele ... View more

Hi All!   i have a issue with the user-id feature: some users are not recognized by the PA device: if i check the logs searching for the username i see the last access some days ago, but if i search for his ip he is doing traffic. Even checking via CLI with ' show user ip-user-mapping all | match username ' i don't see anything.   PA is running PAN-OS 7.0.7 (i know it is going to be in EOL, we will plan the upgrade).   Can you please give me some hints to check?   Regards, Daniele ... View more

Hi All,   i have this issue: when i connect with global protect the WLAN NIC disables, and i have to restart the PC, i have this problem with this PC model:  Dell Latitude 5414 Rugged   Can you help me? Have you got some hints for me to check?   Regards, Daniele ... View more

Hi All,   we can't connect to Global Protect gateway using native VPN client on Samsung Galaxy A3 2016. Following the configuration on smartphone:   Under IPSec Identificator there is a string , and it is used as FQDN instead of Key Identifier, as we can see in the logs:   but we can't edit the configuration on the smartphone. Using other models of smartphone it works.   Do someone knows any kind of configuration that makes it work?   Regards, Daniele ... View more