Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About junior_r
About junior_r
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
12-15-2019
71Posts
3Likes
0Solutions
Dec 15, 2019Last Visited
User
Activity
User
Profile
Latest posts by junior_r
| Subject | Views | Posted |
|---|---|---|
| 3035 | 12-15-2019 10:50 AM | |
| 727 | 12-14-2019 09:04 PM | |
| 1002 | 11-09-2019 06:53 AM | |
| 1807 | 09-28-2019 10:19 AM | |
| 729 | 09-20-2019 07:56 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 2 | 06-04-2018 01:27 PM | |
| 1 | 08-01-2018 06:12 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 |
User Badges
Public Statistics
| Date Registered | 02-11-2017 03:42 PM |
| Date Last Visited | 12-15-2019 02:11 PM |
| Total Messages Posted | 78 |
| Total Likes Received | 3 |
12-15-2019
10:50 AM
are we sure this is correct? "strict source path" means no ECMP. It applies to firewall originated IKE/IPsec traffic. Traffic will be sent out over the tunnel based on which tunnel the source address belong to. It has nothing to do with real "source routing". It does not affect transit traffic. Similar to "symetric return" it is an exception of ECMP hashing. I see different behavior . Where traffic is from source is still doing route lookup to send traffic out. Thanks
... View more
12-14-2019
09:04 PM
Hi, Firewall DUAL ISP ISP1 ETH1/1 IPSEC TUNNEL 1 ISP1 ETH1/2 IPSEC TUNNEL 2 ECMP Method HASH I have ECMP enabled with DUAL ISP with two IPSEC tunnels going to another firewall with one ISP. What I am seeing is sometimes is IPSEC tunnel from Eth1/1 to the other firewall going over Eth1/2. How do I prevent this? Thanks
... View more
11-09-2019
06:53 AM
I am blocking some applications coming inbound from the internet to a certain IP. This creates a response page when I have application block response page on. How can I stop response page from being server to outside zone?
... View more
09-28-2019
10:19 AM
Hi, When I configure HA for data link I use Ethernet when devices are directly connected to each other, but sometimes in the field I see people using IP for transport but the devices are directly connected to each other. Why are they doing this? There is no reason to do it unless it needs to route. Can someone help me understand there logic? Thanks
... View more
09-20-2019
07:56 PM
Hi,
Can Expedition migration Cisco Fire Power to Palo Alto?
Thanks
... View more
09-18-2019
11:39 PM
Hi Tommy, Just did a test anytime I add a URL category to a deny rule I get the block page with or without the URL filtering profile. The URL filtering profile just adds extra entry in the URL filtering log. Thanks
... View more
09-18-2019
10:56 PM
Hi Tommy, will you still get a block page if URL filtering profile had all categories set to alert and action on rule set to deny? Thanks
... View more
09-18-2019
02:44 PM
Anyone know what happens when you have traffic set to deny/drop and you have URL filtering profile applied? Does it log the traffic in URL monitor when its blocked?
... View more
11-03-2018
05:15 PM
@pulukas in this setup would the server send arp-reply to arp request from the circut?
... View more
11-02-2018
04:16 PM
@gwesson wrote: Just to be sure, you're saying: server(1.1.1.50) <---> [e1/3]PAN[e1/1] <---> Router And you want the PAN to respond to ARP requests for 1.1.1.50 that originate from the router? If that's correct, there are two ways I can think of offhand: 1. Proxy ARP will do this if you do destination-NAT on 1.1.1.50 to some other internal address. There's a good doc on that here: https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/networking/nat/nat-policy-rules/proxy-arp-for-nat-address-pools 2. Use virtual wire (vwire) interfaces instead of layer 3. A virtual wire doesn't terminate layer 2 or 3, so the ARP request will directly hit the server, and the response will come from the port that eth1/1 is connected to. Docs on that here: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/networking/virtual-wire-deployments https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/networking/configure-interfaces/virtual-wire-interfaces/configure-virtual-wires (1.1.1.50) [e1/4]FW 2[e1/7] 10.10.10.11/24 <----> [e1/3]PAN[e1/7] 10.10.10.10/24 <---> [e1/3]PAN[e1/1] <---> Router Two Firewalls PAN and FW2 If i do a destination NAT on 1.1.1.50 to internal IP would the packet even make its way to ETH3? I cannot modify any IPs behind e1/3
... View more
11-02-2018
03:34 PM
Anyway to accomplish following without modifying routes at the router? I have a subnet 1.1.1.0/24 1.1.1.1/24 PAN ETH1 Need to route 1.1.1.50 from ETH1 -> ETH3 as it sits behind ETH3. I need ETH1 to reply back to router when it says arp who has for 1.1.1.50
... View more
10-24-2018
07:50 PM
How much data do I need to give log disk in Panorama if I use PALO ALTO NETWORKS LOGGING SERVICE? Can I give it no disk for logs? Is it possible to forward all Firewall logs to Panorama then to forward to Logging Service? Thanks
... View more
10-24-2018
04:38 PM
@jperry1 wouldn't VM-Series to Device be slower...even if I take the VM with higest resources? Thanks
... View more
10-23-2018
01:43 PM
AWS - Palo ALto IPSEC or AWS native IPSEC? Which is better any why? Thanks
... View more
08-22-2018
06:31 PM
Hi,
What are the best ways to get logs automatically to Expedition and have job automatically run to proccess it?
Thanks
... View more
08-01-2018
06:12 AM
1 Kudo
found the issue gp client wasn't install cred provider
... View more
07-31-2018
04:42 PM
Hi, Anyone notice on Windows 10 GP SSO fails with invalid user name or password? The user logs into PC (using domain) with no issue. Thanks
... View more
07-27-2018
07:26 PM
Anyone notice sometimes updating license keys on Panorama doesn’t push to FW devices? 8.0.6
... View more
07-26-2018
08:04 PM
Hi, For internal GW what happens when you create non tunnel-mode GW? Why would one do this? If it only provides USER-ID why is it used?
... View more
07-10-2018
08:48 AM
Hi, Anyone know what proccess I can split tunnel to allow printing locally on GP 8.1? Thanks
... View more
07-05-2018
06:05 AM
anyone? Thanks
... View more
07-04-2018
05:58 AM
@BPry PAN-OS 8.1.2 Latest USER-ID agent installed on WIndows Server 2016 DC is running Windows server 2016
... View more
07-03-2018
01:43 PM
I cannot read AD logs on Windows Server 2016 with the event viewer read group access. Is there anything special that needs to be on Windows 2016 Domain? Thanks
... View more
06-15-2018
09:50 PM
Hi, How can I get user to type username, password and OTP when using RSA Radius 8,1 on Global Protect ? Portal = Radius (RSA) passes -> LDAP check Thanks
... View more
06-15-2018
08:58 AM
Hi, Has anyone used google authenticator with Global Protect? Can anyone help on how this is to be configured? I have configured other RADIUS agents in the past. Thanks
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-15-2019
02:11 PM
|
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
