Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- ›
- About junior_r
About junior_r
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
12-08-2020
72Posts
5Likes
0Solutions
Dec 08, 2020Last Visited
User
Activity
User
Profile
Latest posts by junior_r
| Subject | Views | Posted |
|---|---|---|
| 222 | 12-08-2020 06:14 PM | |
| 6457 | 12-15-2019 10:50 AM | |
| 1424 | 12-14-2019 09:04 PM | |
| 3157 | 11-09-2019 06:53 AM | |
| 2981 | 09-28-2019 10:19 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 10-28-2017 02:37 PM | |
| 1 | 11-09-2019 06:53 AM | |
| 2 | 06-04-2018 01:27 PM | |
| 1 | 08-01-2018 06:12 AM |
Posts I Liked
User Badges
Public Statistics
| Date Registered | 02-11-2017 03:42 PM |
| Date Last Visited | 12-08-2020 09:27 PM |
| Total Messages Posted | 79 |
| Total Likes Received | 5 |
12-08-2020
06:14 PM
Hi, The Prisma Documentation is not clear. Can I get group mapping working with just defining group mapping on the template or do I need directory sync? If I can get group mapping working without directory sync what is the value of directory sync other than not having to connect back to on perm? Thanks
... View more
12-15-2019
10:50 AM
are we sure this is correct? "strict source path" means no ECMP. It applies to firewall originated IKE/IPsec traffic. Traffic will be sent out over the tunnel based on which tunnel the source address belong to. It has nothing to do with real "source routing". It does not affect transit traffic. Similar to "symetric return" it is an exception of ECMP hashing. I see different behavior . Where traffic is from source is still doing route lookup to send traffic out. Thanks
... View more
12-14-2019
09:04 PM
Hi, Firewall DUAL ISP ISP1 ETH1/1 IPSEC TUNNEL 1 ISP1 ETH1/2 IPSEC TUNNEL 2 ECMP Method HASH I have ECMP enabled with DUAL ISP with two IPSEC tunnels going to another firewall with one ISP. What I am seeing is sometimes is IPSEC tunnel from Eth1/1 to the other firewall going over Eth1/2. How do I prevent this? Thanks
... View more
11-09-2019
06:53 AM
1 Kudo
I am blocking some applications coming inbound from the internet to a certain IP. This creates a response page when I have application block response page on. How can I stop response page from being server to outside zone?
... View more
09-28-2019
10:19 AM
Hi, When I configure HA for data link I use Ethernet when devices are directly connected to each other, but sometimes in the field I see people using IP for transport but the devices are directly connected to each other. Why are they doing this? There is no reason to do it unless it needs to route. Can someone help me understand there logic? Thanks
... View more
09-20-2019
07:56 PM
Hi,
Can Expedition migration Cisco Fire Power to Palo Alto?
Thanks
... View more
09-18-2019
11:39 PM
Hi Tommy, Just did a test anytime I add a URL category to a deny rule I get the block page with or without the URL filtering profile. The URL filtering profile just adds extra entry in the URL filtering log. Thanks
... View more
09-18-2019
10:56 PM
Hi Tommy, will you still get a block page if URL filtering profile had all categories set to alert and action on rule set to deny? Thanks
... View more
09-18-2019
02:44 PM
Anyone know what happens when you have traffic set to deny/drop and you have URL filtering profile applied? Does it log the traffic in URL monitor when its blocked?
... View more
11-03-2018
05:15 PM
@pulukas in this setup would the server send arp-reply to arp request from the circut?
... View more
11-02-2018
04:16 PM
@gwesson wrote: Just to be sure, you're saying: server(1.1.1.50) <---> [e1/3]PAN[e1/1] <---> Router And you want the PAN to respond to ARP requests for 1.1.1.50 that originate from the router? If that's correct, there are two ways I can think of offhand: 1. Proxy ARP will do this if you do destination-NAT on 1.1.1.50 to some other internal address. There's a good doc on that here: https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/networking/nat/nat-policy-rules/proxy-arp-for-nat-address-pools 2. Use virtual wire (vwire) interfaces instead of layer 3. A virtual wire doesn't terminate layer 2 or 3, so the ARP request will directly hit the server, and the response will come from the port that eth1/1 is connected to. Docs on that here: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/networking/virtual-wire-deployments https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/networking/configure-interfaces/virtual-wire-interfaces/configure-virtual-wires (1.1.1.50) [e1/4]FW 2[e1/7] 10.10.10.11/24 <----> [e1/3]PAN[e1/7] 10.10.10.10/24 <---> [e1/3]PAN[e1/1] <---> Router Two Firewalls PAN and FW2 If i do a destination NAT on 1.1.1.50 to internal IP would the packet even make its way to ETH3? I cannot modify any IPs behind e1/3
... View more
11-02-2018
03:34 PM
Anyway to accomplish following without modifying routes at the router? I have a subnet 1.1.1.0/24 1.1.1.1/24 PAN ETH1 Need to route 1.1.1.50 from ETH1 -> ETH3 as it sits behind ETH3. I need ETH1 to reply back to router when it says arp who has for 1.1.1.50
... View more
10-24-2018
07:50 PM
How much data do I need to give log disk in Panorama if I use PALO ALTO NETWORKS LOGGING SERVICE? Can I give it no disk for logs? Is it possible to forward all Firewall logs to Panorama then to forward to Logging Service? Thanks
... View more
10-24-2018
04:38 PM
@jperry1 wouldn't VM-Series to Device be slower...even if I take the VM with higest resources? Thanks
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-08-2020
09:27 PM
|
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
