cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About Javith_Ali

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Javith_Ali
‎07-26-2018
since ‎02-19-2017
L2 Linker
User Activity
User Profile
Latest posts by Javith_Ali
View All
My Liked Posts
View All
User Badges
Public Statistics
Date Registered ‎02-19-2017 12:49 AM
Date Last Visited ‎07-26-2018 07:24 AM
Total Messages Posted 26
Total Likes Received 2

GP agent HIP issue

by in General Topics
‎04-23-2018 06:49 AM
‎04-23-2018 06:49 AM
  We have configured the internal globalprotect gateway and have the requirement that only internal/external GP gateway connected users can access the intranet/internet resources and users traffic without GP connectivity should be blocked by PA.   Now everything working fine except in below scenario where user deleted the GP agent, but they are going through the same HIP profile policy. (HIP data in DB not getting deleted, everything in cache)     HIP based policy is configured properly in PA (to check whether phone is android/ios/windows) All the GP agents are sharing the HIP data at the time of connectivity and matching the HIP based policies properly. The problem now is HIP data collected during the first time joining is kept in the HIP PA database for longtime and if the same user is disconnected the GP and browsing without GP connection , then same HIP policy is triggered (by using the data in HIP DB collected during the first time GP login). is there any possibility of whether HIP DB cache can be cleared frequently, so that user cannot delete the agent and join again without GP agent into the network. is there anyother possibility to resolve this issue? ... View more

Log forwarding profile in all security policies

by in General Topics
‎03-14-2018 09:20 AM
‎03-14-2018 09:20 AM
Is there any other way to configure Log forwarding profile in all 300+ security policies in single shot.   currently there is no log forwarding profile in all 300+ policies.     So below method is not applicable:   Not through web interface but you can export config out. It is one single xml file.   Device > Setup > Operations > Export configuration version Pick latest one from dropdown and click ok.   Then open this xml in your favourite text editor.   Find area between: <rule base> <security> <rules> and </rules> </security>      Everywhere you see "</entry>" and log-setting config does not precede: Then replace this with: <log-setting>Log-Forwarding-Policy</log-setting> </entry>   ... View more

FQDN object refreshes attempted even after objects deleted

by in General Topics
‎10-23-2017 06:05 AM
‎10-23-2017 06:05 AM
I have pair of 2000 series firewall running on PAN-OS version 7.1.7. we have deleted the below FQDN objects from the PA(objects and policies), but still its refreshing and querying the DNS server through the managment interface. i cannot find any known issue with PA2020 and 7.1.7 as well. Please suggest   adnetadmin@fw-elab-01(active)> request system fqdn show FQDN Table : Last Request time Mon Oct 23 16:47:41 2017 --------------------------------------------------------------------------------                       IP Address     Remaining TTL     Secs Since Refreshed -------------------------------------------------------------------------------- VSYS  : vsys1 (using mgmt-obj dnsproxy object) files-info.com  (Objectname BAD-URL-files-info.com):                         Not used updater.skillbrains.com  (Objectname updater.skillbrains.com):                     Not resolved VSYS  : shared (using mgmt-obj dnsproxy object)   ... View more

Re: DNS proxy to GP clients

by in General Topics
‎08-11-2017 09:12 AM
‎08-11-2017 09:12 AM
Hi,   Thansk for reply   we dont have more time to troubleshoot this issue as lots of users are complaining about DNS resolution. Hence we revert back to old configurations which is resolving all queries in internal server.   From the users machine, we are getting the dns timed out in nslookup and in firewall queries are sent from dns proxy ip to external servers and less queries to internal servers. yet to collect the logs, Just posted here to check for alternative solution.             ... View more

DNS proxy to GP clients

by in General Topics
‎08-11-2017 12:22 AM
‎08-11-2017 12:22 AM
DNS configured in GP settings: Primary DNS 10.250.1.1, secondary DNS 10.250.1.2   Access route: split tunnel- 10.250.0.0/16 allowed in GP.   Once clients are connected to globalprotect, they are getting the above DNS settings. so the traffic going to internet also resolving in above Internal DNS server.   Now i have the requirement for GP users, when traffic going to internet, it should resolve using public DNS say 8.8.8.8 or 4.2.2.2 and the traffic going to 10.250.0.0/16 to GP tunnel should resolve to  DNS 10.250.1.1, secondary DNS 10.250.1.2.   I have configured as per below KB for fulfil the above requirement. its working fine, some of the users complain about internal DNS server issue for GP connected internal sites sometimes. However internet traffic resolution working fine. so we have removed this config   https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Proxy-for-GlobalProtect-Clients/ta-p/124541   Kindly suggest if there is any workaround for this requirement     ... View more

Re: GP-VPN traffic is slow

by in General Topics
‎08-09-2017 10:43 PM
1 Kudo
‎08-09-2017 10:43 PM
1 Kudo
Hi Robert,   Thanks for info.   yes, we have loopback interface configured.  ... View more

GP-VPN traffic is slow

by in General Topics
‎08-09-2017 01:16 PM
‎08-09-2017 01:16 PM
GP VPN configured properly with IPSec enabled. But all the GP-clients are fall-back to SSL tunnel mode soon after connected. For testing purpose, give full access any-any allow in policy. one time connected as IPSec and when disconnect & connect again another time gp-client automatically fall-back to SSL mode.   Port 4501 UDP & TCP are allowed in policy. why not a single client is connected as IPsec. how to find out the proper reason for this fall-back.    ... View more

Re: Internal traffic is hitting in the isp firewall

by in General Topics
‎06-17-2017 11:59 PM
‎06-17-2017 11:59 PM
It might be possible. because both networks are internally conneced thro core switch. the traffic should not come to PA firewall as it should be routed in core switch via inter-vlan routing. we are checking it.   But i could not figure out how PA firewall allowed some bytes to transfer through ISP interface. ... View more

Re: MP utilization high after the HA failover to primary

by in General Topics
‎06-17-2017 11:53 PM
1 Kudo
‎06-17-2017 11:53 PM
1 Kudo
Thanks for suggestion,   As per TAC, it was due to bug related to logrcvr which is fixed in 7.1.6. we have upgraded to latest version and checking the cpu usage. ... View more

Re: MP utilization high after the HA failover to primary

by in General Topics
‎06-11-2017 04:19 PM
‎06-11-2017 04:19 PM
still i cant figure out how the secondary firewall with same configuration(with fqdn) worked well with 10% MP when it was active for over months. ... View more

Re: MP utilization high after the HA failover to primary

by in General Topics
‎06-11-2017 04:05 PM
‎06-11-2017 04:05 PM
Its PA3000 series. version:7.1.4 h2   yes, its showing 30% MP utilization in CLI and above 60% in GUI.   https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os-release-notes/pan-os-7-1-5-addressed-issues   found out bug-id: 61146 related to fqdnobjects   either we have to remove/extend the fqdn refresh or upgrade to 7.1.5 i think. ... View more

Re: MP utilization high after the HA failover to primary

by in General Topics
‎06-11-2017 05:30 AM
‎06-11-2017 05:30 AM
Still Management plane utilization is high even after the restart @Javith_Ali wrote: Hi Ben,   Thanks for suggestion. i will do it and then update you.   However i have doubt zombie process holding 20-30% of CPU.   if we add the CPU% utilized by all the processes (show system resources output). it would not be more than 20%. But GUI showing M-plane above 56% consistently. is it due to zombie process? ... View more

Re: MP utilization high after the HA failover to primary

by in General Topics
‎06-11-2017 12:08 AM
‎06-11-2017 12:08 AM
Hi Ben,   Thanks for suggestion. i will do it and then update you.   However i have doubt zombie process holding 20-30% of CPU.   if we add the CPU% utilized by all the processes (show system resources output). it would not be more than 20%. But GUI showing M-plane above 56% consistently. is it due to zombie process? ... View more

MP utilization high after the HA failover to primary

by in General Topics
‎06-08-2017 01:00 AM
‎06-08-2017 01:00 AM
When Secondary Firewall became active, management plane utilization is not more than 10% for over months. Last week manual failover made, Primary is active now. MP utilization is above 60% all the time.   All the configurations are same as it's in HA. Both firewall has 10+ unused FQDN objects and FQDN refresh happening for every 30 seconds eventhough its unused.   Please suggest what might have causes the primary MP utilization above 50%. its consistent.       show system resources - for primary active firewall. output taken during 56% MP-CPU top - 11:16:26 up 250 days, 17:59,  1 user,  load average: 1.16, 1.01, 0.86 Tasks: 119 total,   2 running, 116 sleeping,   0 stopped,   1 zombie Cpu(s): 33.0%us,  1.0%sy,  0.1%ni, 65.7%id,  0.0%wa,  0.0%hi,  0.2%si,  0.0%st Mem:   3850716k total,  3695272k used,   155444k free,   150692k buffers Swap:  2008084k total,    11044k used,  1997040k free,  1874152k cached   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND              6239 nobody    20   0  114m  18m 7424 S  2.0  0.5  19:51.11 appweb3              9050       20   0  8940 1584 1408 S  2.0  0.0   0:00.01 wmic                    1       20   0  2084  628  600 S  0.0  0.0   2:22.11 init                    2       20   0     0    0    0 S  0.0  0.0   0:00.00 kthreadd                3       RT   0     0    0    0 S  0.0  0.0   0:44.36 migration/0             4       20   0     0    0    0 S  0.0  0.0   2:11.88 ksoftirqd/0             5       RT   0     0    0    0 S  0.0  0.0   0:44.38 migration/1             6       20   0     0    0    0 S  0.0  0.0   2:03.20 ksoftirqd/1             7       20   0     0    0    0 S  0.0  0.0  50:24.46 events/0                8       20   0     0    0    0 S  0.0  0.0  51:11.03 events/1                9       20   0     0    0    0 S  0.0  0.0   0:00.01 khelper                14       20   0     0    0    0 S  0.0  0.0   0:00.00 async/mgr             164       20   0     0    0    0 S  0.0  0.0   0:17.16 sync_supers           166       20   0     0    0    0 S  0.0  0.0   0:18.36 bdi-default           167       20   0     0    0    0 S  0.0  0.0   0:04.86 kblockd/0           lines 1-23 top - 11:16:26 up 250 days, 17:59,  1 user,  load average: 1.16, 1.01, 0.86 Tasks: 119 total,   2 running, 116 sleeping,   0 stopped,   1 zombie Cpu(s): 33.0%us,  1.0%sy,  0.1%ni, 65.7%id,  0.0%wa,  0.0%hi,  0.2%si,  0.0%st Mem:   3850716k total,  3695272k used,   155444k free,   150692k buffers Swap:  2008084k total,    11044k used,  1997040k free,  1874152k cached   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND              6239 nobody    20   0  114m  18m 7424 S  2.0  0.5  19:51.11 appweb3              9050       20   0  8940 1584 1408 S  2.0  0.0   0:00.01 wmic                    1       20   0  2084  628  600 S  0.0  0.0   2:22.11 init                    2       20   0     0    0    0 S  0.0  0.0   0:00.00 kthreadd                3       RT   0     0    0    0 S  0.0  0.0   0:44.36 migration/0             4       20   0     0    0    0 S  0.0  0.0   2:11.88 ksoftirqd/0             5       RT   0     0    0    0 S  0.0  0.0   0:44.38 migration/1             6       20   0     0    0    0 S  0.0  0.0   2:03.20 ksoftirqd/1             7       20   0     0    0    0 S  0.0  0.0  50:24.46 events/0                8       20   0     0    0    0 S  0.0  0.0  51:11.03 events/1                9       20   0     0    0    0 S  0.0  0.0   0:00.01 khelper                14       20   0     0    0    0 S  0.0  0.0   0:00.00 async/mgr             164       20   0     0    0    0 S  0.0  0.0   0:17.16 sync_supers           166       20   0     0    0    0 S  0.0  0.0   0:18.36 bdi-default           167       20   0     0    0    0 S  0.0  0.0   0:04.86 kblockd/0             168       20   0     0    0    0 S  0.0  0.0   0:04.22 kblockd/1             170       20   0     0    0    0 S  0.0  0.0   0:00.00 kacpid                171       20   0     0    0    0 S  0.0  0.0   0:00.00 kacpi_notify          172       20   0     0    0    0 S  0.0  0.0   0:00.00 kacpi_hotplug         319       20   0     0    0    0 S  0.0  0.0   0:00.00 ata/0                 320       20   0     0    0    0 S  0.0  0.0   0:00.00 ata/1                 321       20   0     0    0    0 S  0.0  0.0   0:00.00 ata_aux               322       20   0     0    0    0 S  0.0  0.0   0:00.00 ksuspend_usbd         327       20   0     0    0    0 S  0.0  0.0   0:00.01 khubd                 330       20   0     0    0    0 S  0.0  0.0   0:00.01 kseriod               368       20   0     0    0    0 S  0.0  0.0   0:00.00 rpciod/0              369       20   0     0    0    0 S  0.0  0.0   0:00.00 rpciod/1              395       20   0     0    0    0 S  0.0  0.0   3:20.52 kswapd0               396       20   0     0    0    0 S  0.0  0.0   0:00.00 aio/0                 397       20   0     0    0    0 S  0.0  0.0   0:00.00 aio/1                 398        1 -19     0    0    0 S  0.0  0.0   0:00.00 nfsiod                547       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_0           lines 1-40   549       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_1             551       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_2             553       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_3             555       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_4             557       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_5             608       20   0     0    0    0 S  0.0  0.0   0:00.00 kpsmoused             618       20   0     0    0    0 S  0.0  0.0   0:00.00 edac-poller           633       20   0     0    0    0 S  0.0  0.0   4:05.82 kjournald             686       16  -4  2220  448  380 S  0.0  0.0   0:00.50 udevd                1307       20   0     0    0    0 S  0.0  0.0   0:00.00 kstriped             1342       20   0     0    0    0 S  0.0  0.0   1:08.68 kjournald            1343       20   0     0    0    0 S  0.0  0.0   0:00.01 kjournald            1407       20   0     0    0    0 S  0.0  0.0   8:54.85 flush-8:0            1582       20   0  2136  724  612 S  0.0  0.0   0:24.79 syslogd              1585       20   0  2084  440  388 S  0.0  0.0   0:00.02 klogd                1594       20   0  2124  340  240 S  0.0  0.0  31:17.93 irqbalance           1602 rpc       20   0  2224  488  460 S  0.0  0.0   0:00.01 portmap              1620       20   0  2248  636  632 S  0.0  0.0   0:00.01 rpc.statd            1685       20   0  2984  596  592 S  0.0  0.0   0:00.01 xinetd               1710       20   0     0    0    0 S  0.0  0.0   0:00.00 lockd                1711        1 -19     0    0    0 S  0.0  0.0  12:19.07 nfsd                 1712        1 -19     0    0    0 S  0.0  0.0  12:27.25 nfsd                 1713        1 -19     0    0    0 S  0.0  0.0  12:12.59 nfsd                 1714        1 -19     0    0    0 S  0.0  0.0  12:06.74 nfsd                 1715        1 -19     0    0    0 S  0.0  0.0  12:06.13 nfsd                 1716        1 -19     0    0    0 S  0.0  0.0  12:12.76 nfsd                 1717        1 -19     0    0    0 S  0.0  0.0  12:15.42 nfsd                 1718        1 -19     0    0    0 S  0.0  0.0  12:05.01 nfsd                 1721       20   0  3580 1988  592 S  0.0  0.1   0:14.82 rpc.mountd           1775        0 -20 50304  11m 3476 S  0.0  0.3 419:30.03 masterd_apps         1782       20   0  2216  500  496 S  0.0  0.0   0:00.01 agetty               1793       15  -5 21944 4256 2380 S  0.0  0.1   1030:16 sysd                 1834       20   0 67412  12m 3984 S  0.0  0.3  38:18.14 dagger               1835       30  10 16500 6252 3148 S  0.0  0.2 210:23.33 python               1842       20   0  118m 5236 3240 S  0.0  0.1  76:30.82 sysdagent            1895       20   0 12580 2776 2192 S  0.0  0.1  38:24.00 ehmon                1896       20   0 75504 4152 2840 S  0.0  0.1  44:58.71 chasd                1905       20   0  4184 2332 1328 S  0.0  0.1   0:00.03 tscat                1980       20   0 77532 6060 3700 S  0.0  0.2  48:41.36 cryptod              2088       20   0  6028 1572 1216 S  0.0  0.0   0:00.01 sshd                lines 41-80  2112       20   0  6028 1644 1280 S  0.0  0.0   0:00.97 sshd                 2118       20   0     0    0    0 S  0.0  0.0   0:42.11 kjournald            2182       20   0  232m  34m 3932 S  0.0  0.9  88:21.02 cord                 2183       20   0  257m 146m  12m S  0.0  3.9 139:20.75 devsrvr              2186       20   0  313m 161m 115m S  0.0  4.3 510:28.47 useridd              2286       20   0 40120 4080 2644 S  0.0  0.1   0:00.03 nginx                2514 nobody    20   0 55928 5504 3048 S  0.0  0.1  45:29.49 nginx                3911       20   0 1295m  71m  20m R  0.0  1.9 795:33.94 mongod               3931       20   0 69360 6212 3884 S  0.0  0.2 637:32.50 ikemgr               3933       20   0 92064 8404 4356 S  0.0  0.2  49:54.16 rasmgr               3934       20   0 88040 4496 3128 S  0.0  0.1  50:23.70 keymgr               3935       20   0  397m  30m 5420 S  0.0  0.8  81:03.46 varrcvr              3937       20   0 71736 4984 3132 S  0.0  0.1 108:07.95 l2ctrld              3939       17  -3 49360 5396 3336 S  0.0  0.1  81:44.49 ha_agent             3940       20   0  105m  13m 3984 S  0.0  0.4  59:38.30 satd                 3941       20   0  166m  29m 3812 S  0.0  0.8  53:37.05 sslmgr               3942       20   0 67708 5108 3208 S  0.0  0.1  56:55.65 pan_dhcpd            3943       20   0 65572 6980 3388 S  0.0  0.2  50:19.58 dnsproxyd            3945       20   0 64488 5788 3236 S  0.0  0.2  47:51.57 pppoed               3946       17  -3  144m  14m 4540 S  0.0  0.4  64:59.50 routed               3947       20   0 2182m  24m 5508 S  0.0  0.7  87:14.51 authd                3994       20   0 43956  11m 3372 S  0.0  0.3 227:05.60 snmpd                4016       20   0 57052 6932 3380 S  0.0  0.2  35:30.12 nginx                5309       20   0 16948 1208  340 S  0.0  0.0   0:00.00 syslog-ng            5310       20   0 17384 2708 1392 S  0.0  0.1   0:11.58 syslog-ng            6233 nobody    20   0  138m  35m 8588 S  0.0  0.9  18:18.32 appweb3              6638       20   0 13744 4872 2924 S  0.0  0.1 376:08.64 packet_path_pin      8970       20   0  8940 1580 1408 S  0.0  0.0   0:00.01 wmic                 8973       20   0  8860 2680 2188 S  0.0  0.1   0:00.06 sshd                 8990       20   0  8940 1844 1652 S  0.0  0.0   0:00.01 wmic                 9001       20   0  8940 1584 1408 S  0.0  0.0   0:00.01 wmic                 9005 ssokhair  20   0  8860 1500 1004 S  0.0  0.0   0:00.01 sshd                 9006 ssokhair  20   0 59600  21m  10m S  0.0  0.6   0:00.32 cli                  9039       20   0  8940 1688 1508 S  0.0  0.0   0:00.01 wmic                 9040       20   0  9076 2184 1784 S  0.0  0.1   0:00.01 wmic                 9045 ssokhair  20   0  5676  964  772 S  0.0  0.0   0:00.01 less                 9047       20   0 13540 2400 1588 S  0.0  0.1   0:00.02 sh                   9048       20   0 13176 2300 1324 R  0.0  0.1   0:00.01 top                  9049       20   0 12900 1836 1108 S  0.0  0.0   0:00.01 sed                 13500       20   0 39996 4064 2768 S  0.0  0.1   0:00.03 nginx               lines 81-120 13525 nobody    20   0 56952 5628 2156 S  0.0  0.1  13:03.46 nginx               13526 nobody    20   0 56952 5628 2156 S  0.0  0.1  10:13.41 nginx               14534       20   0  890m 291m 8076 S  0.0  7.8 653:22.91 mgmtsrvr            15441       20   0 1478m 469m  11m S  0.0 12.5  35791:06 logrcvr             19604       20   0  3088 1124  584 S  0.0  0.0   0:00.42 crond               26021       20   0  7684 1968 1476 S  0.0  0.1  16:05.86 ntpd                32294       20   0     0    0    0 Z  0.0  0.0   0:00.03 mgmtsrvr <defunct>  show system resources top - 11:17:07 up 250 days, 18:00,  1 user,  load average: 0.98, 0.99, 0.86 Tasks: 120 total,   3 running, 116 sleeping,   0 stopped,   1 zombie Cpu(s): 33.0%us,  1.0%sy,  0.1%ni, 65.7%id,  0.0%wa,  0.0%hi,  0.2%si,  0.0%st Mem:   3850716k total,  3698072k used,   152644k free,   150808k buffers Swap:  2008084k total,    11044k used,  1997040k free,  1875248k cached   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND              1895       20   0 12580 2776 2192 S  2.0  0.1  38:24.01 ehmon                2186       20   0  313m 161m 115m S  2.0  4.3 510:28.68 useridd                 1       20   0  2084  628  600 S  0.0  0.0   2:22.11 init                    2       20   0     0    0    0 S  0.0  0.0   0:00.00 kthreadd                3       RT   0     0    0    0 S  0.0  0.0   0:44.36 migration/0             4       20   0     0    0    0 S  0.0  0.0   2:11.88 ksoftirqd/0             5       RT   0     0    0    0 S  0.0  0.0   0:44.38 migration/1             6       20   0     0    0    0 S  0.0  0.0   2:03.20 ksoftirqd/1             7       20   0     0    0    0 S  0.0  0.0  50:24.47 events/0                8       20   0     0    0    0 S  0.0  0.0  51:11.04 events/1                9       20   0     0    0    0 S  0.0  0.0   0:00.01 khelper                14       20   0     0    0    0 S  0.0  0.0   0:00.00 async/mgr             164       20   0     0    0    0 S  0.0  0.0   0:17.16 sync_supers           166       20   0     0    0    0 S  0.0  0.0   0:18.36 bdi-default           167       20   0     0    0    0 S  0.0  0.0   0:04.86 kblockd/0             168       20   0     0    0    0 S  0.0  0.0   0:04.22 kblockd/1             170       20   0     0    0    0 S  0.0  0.0   0:00.00 kacpid                171       20   0     0    0    0 S  0.0  0.0   0:00.00 kacpi_notify          172       20   0     0    0    0 S  0.0  0.0   0:00.00 kacpi_hotplug         319       20   0     0    0    0 S  0.0  0.0   0:00.00 ata/0                 320       20   0     0    0    0 S  0.0  0.0   0:00.00 ata/1                 321       20   0     0    0    0 S  0.0  0.0   0:00.00 ata_aux               322       20   0     0    0    0 S  0.0  0.0   0:00.00 ksuspend_usbd         327       20   0     0    0    0 S  0.0  0.0   0:00.01 khubd                 330       20   0     0    0    0 S  0.0  0.0   0:00.01 kseriod               368       20   0     0    0    0 S  0.0  0.0   0:00.00 rpciod/0              369       20   0     0    0    0 S  0.0  0.0   0:00.00 rpciod/1              395       20   0     0    0    0 S  0.0  0.0   3:20.52 kswapd0               396       20   0     0    0    0 S  0.0  0.0   0:00.00 aio/0                 397       20   0     0    0    0 S  0.0  0.0   0:00.00 aio/1                 398        1 -19     0    0    0 S  0.0  0.0   0:00.00 nfsiod                547       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_0           lines 1-40   549       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_1             551       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_2             553       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_3             555       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_4             557       20   0     0    0    0 S  0.0  0.0   0:00.00 scsi_eh_5             608       20   0     0    0    0 S  0.0  0.0   0:00.00 kpsmoused             618       20   0     0    0    0 S  0.0  0.0   0:00.00 edac-poller           633       20   0     0    0    0 S  0.0  0.0   4:05.82 kjournald             686       16  -4  2220  448  380 S  0.0  0.0   0:00.50 udevd                1307       20   0     0    0    0 S  0.0  0.0   0:00.00 kstriped             1342       20   0     0    0    0 S  0.0  0.0   1:08.68 kjournald            1343       20   0     0    0    0 S  0.0  0.0   0:00.01 kjournald            1407       20   0     0    0    0 S  0.0  0.0   8:54.85 flush-8:0            1582       20   0  2136  724  612 S  0.0  0.0   0:24.79 syslogd              1585       20   0  2084  440  388 S  0.0  0.0   0:00.02 klogd                1594       20   0  2124  340  240 S  0.0  0.0  31:17.93 irqbalance           1602 rpc       20   0  2224  488  460 S  0.0  0.0   0:00.01 portmap              1620       20   0  2248  636  632 S  0.0  0.0   0:00.01 rpc.statd            1685       20   0  2984  596  592 S  0.0  0.0   0:00.01 xinetd               1710       20   0     0    0    0 S  0.0  0.0   0:00.00 lockd                1711        1 -19     0    0    0 S  0.0  0.0  12:19.07 nfsd                 1712        1 -19     0    0    0 S  0.0  0.0  12:27.25 nfsd                 1713        1 -19     0    0    0 S  0.0  0.0  12:12.59 nfsd                 1714        1 -19     0    0    0 S  0.0  0.0  12:06.74 nfsd                 1715        1 -19     0    0    0 S  0.0  0.0  12:06.13 nfsd                 1716        1 -19     0    0    0 S  0.0  0.0  12:12.76 nfsd                 1717        1 -19     0    0    0 S  0.0  0.0  12:15.43 nfsd                 1718        1 -19     0    0    0 S  0.0  0.0  12:05.01 nfsd                 1721       20   0  3580 1988  592 S  0.0  0.1   0:14.82 rpc.mountd           1775        0 -20 50304  11m 3476 S  0.0  0.3 419:30.09 masterd_apps         1782       20   0  2216  500  496 S  0.0  0.0   0:00.01 agetty               1793       15  -5 21944 4256 2380 S  0.0  0.1   1030:16 sysd                 1834       20   0 67412  12m 3984 S  0.0  0.3  38:18.22 dagger               1835       30  10 16500 6252 3148 S  0.0  0.2 210:23.34 python               1842       20   0  118m 5236 3240 S  0.0  0.1  76:30.84 sysdagent            1896       20   0 75504 4152 2840 S  0.0  0.1  44:58.72 chasd                1905       20   0  4184 2332 1328 S  0.0  0.1   0:00.03 tscat                1980       20   0 77532 6060 3700 S  0.0  0.2  48:41.36 cryptod              2088       20   0  6028 1572 1216 S  0.0  0.0   0:00.01 sshd                 2112       20   0  6028 1644 1280 S  0.0  0.0   0:00.97 sshd                lines 41-80  2118       20   0     0    0    0 S  0.0  0.0   0:42.12 kjournald            2182       20   0  232m  34m 3932 S  0.0  0.9  88:21.03 cord                 2183       20   0  257m 146m  12m S  0.0  3.9 139:20.76 devsrvr              2286       20   0 40120 4080 2644 S  0.0  0.1   0:00.03 nginx                2514 nobody    20   0 55928 5504 3048 S  0.0  0.1  45:29.55 nginx                3911       20   0 1295m  71m  20m R  0.0  1.9 795:34.05 mongod               3931       20   0 69360 6212 3884 R  0.0  0.2 637:32.59 ikemgr               3933       20   0 92064 8404 4356 S  0.0  0.2  49:54.17 rasmgr               3934       20   0 88040 4496 3128 S  0.0  0.1  50:23.71 keymgr               3935       20   0  397m  30m 5420 S  0.0  0.8  81:03.60 varrcvr              3937       20   0 71736 4984 3132 S  0.0  0.1 108:07.96 l2ctrld              3939       17  -3 49360 5396 3336 S  0.0  0.1  81:44.50 ha_agent             3940       20   0  105m  13m 3984 S  0.0  0.4  59:38.30 satd                 3941       20   0  166m  29m 3812 S  0.0  0.8  53:37.05 sslmgr               3942       20   0 67708 5108 3208 S  0.0  0.1  56:55.65 pan_dhcpd            3943       20   0 65572 6980 3388 S  0.0  0.2  50:19.59 dnsproxyd            3945       20   0 64488 5788 3236 S  0.0  0.2  47:51.57 pppoed               3946       17  -3  144m  14m 4540 S  0.0  0.4  64:59.51 routed               3947       20   0 2182m  24m 5508 S  0.0  0.7  87:14.52 authd                3994       20   0 43956  11m 3372 S  0.0  0.3 227:05.64 snmpd                4016       20   0 57052 6932 3380 S  0.0  0.2  35:30.12 nginx                5309       20   0 16948 1208  340 S  0.0  0.0   0:00.00 syslog-ng            5310       20   0 17384 2708 1392 S  0.0  0.1   0:11.58 syslog-ng            6233 nobody    20   0  139m  36m 8588 S  0.0  1.0  18:20.63 appweb3              6239 nobody    20   0  114m  18m 7424 S  0.0  0.5  19:51.38 appweb3              6638       20   0 13744 4872 2924 S  0.0  0.1 376:08.69 packet_path_pin      8973       20   0  8860 2680 2188 S  0.0  0.1   0:00.06 sshd                 9005 ssokhair  20   0  8860 1500 1004 S  0.0  0.0   0:00.01 sshd                 9006 ssokhair  20   0 59600  21m  10m S  0.0  0.6   0:00.32 cli                  9141       20   0  8940 1588 1408 S  0.0  0.0   0:00.01 wmic                 9146       20   0  8940 1588 1408 S  0.0  0.0   0:00.01 wmic                 9156       20   0  8940 1584 1408 S  0.0  0.0   0:00.01 wmic                 9167       20   0  8940 1588 1408 S  0.0  0.0   0:00.01 wmic                 9295       20   0  8944 2048 1784 S  0.0  0.1   0:00.01 wmic                 9296       20   0  8944 2052 1784 S  0.0  0.1   0:00.01 wmic                 9299       20   0  8940 1636 1464 S  0.0  0.0   0:00.01 wmic                 9301 ssokhair  20   0  5676  960  772 S  0.0  0.0   0:00.01 less                 9303       20   0 13540 2404 1588 S  0.0  0.1   0:00.02 sh                   9304       20   0 13176 2304 1324 R  0.0  0.1   0:00.01 top                  9305       20   0 12900 1832 1108 S  0.0  0.0   0:00.01 sed                 lines 81-120 13500       20   0 39996 4064 2768 S  0.0  0.1   0:00.03 nginx               13525 nobody    20   0 56952 5628 2156 S  0.0  0.1  13:03.46 nginx               13526 nobody    20   0 56952 5628 2156 S  0.0  0.1  10:13.41 nginx               14534       20   0  890m 291m 8080 S  0.0  7.8 653:23.42 mgmtsrvr            15441       20   0 1478m 471m  11m S  0.0 12.5  35791:06 logrcvr             19604       20   0  3088 1124  584 S  0.0  0.0   0:00.42 crond               26021       20   0  7684 1968 1476 S  0.0  0.1  16:05.86 ntpd                32294       20   0     0    0    0 Z  0.0  0.0   0:00.03 mgmtsrvr <defunct>     ... View more

Re: Internal traffic is hitting in the isp firewall

by in General Topics
‎06-07-2017 10:46 AM
‎06-07-2017 10:46 AM
Hi   we only got source & dest IP, dest port no. from the ISP which is attached below in conversation. ... View more

Re: Internal traffic is hitting in the isp firewall

by in General Topics
‎06-07-2017 04:12 AM
‎06-07-2017 04:12 AM
@TranceforLife wrote: Can you please post the firewall session logs for the above mantioned ip`s? If the sessions are leaving the firewall and the next hop or egress interface not the one that is facing the ISP, them you need to check that device.    p.s no need to hide the ip`s as they are private anyway 😉 @TranceforLife wrote: Can you please post the firewall session logs for the above mantioned ip`s? If the sessions are leaving the firewall and the next hop or egress interface not the one that is facing the ISP, them you need to check that device.    p.s no need to hide the ip`s as they are private anyway 😉   ... View more

Re: Internal traffic is hitting in the isp firewall

by in General Topics
‎06-07-2017 01:49 AM
‎06-07-2017 01:49 AM
Hi All, thanks for suggestions.   ISP report attached below: source and destination details   when i filter the below logs in traffic logs, i can see the below session in firewall But it was going to someother interface, not going to ISP interface. However ISP report inlcudes below session details.   Routing is proper, there is no NAT involved.   Its possible VLAN bleeding on the switch. Thanks for suggestion.   But anyway traffic should not go to ISP interface as any zone to ISP zone is denied in policy and logging also enabled. ... View more

Re: Internal traffic is hitting in the isp firewall

by in General Topics
‎06-05-2017 02:46 AM
‎06-05-2017 02:46 AM
Thanks for suggestion.   If we find this abnornal traffic to untrust ISP interface gets logged in firewall, then probably ARP in ISP interface would be the problem i think. Is there any other possibility ... View more

Re: Internal traffic is hitting in the isp firewall

by in General Topics
‎06-05-2017 02:03 AM
‎06-05-2017 02:03 AM
we have enabled the log at session end in implicit deny policy last week. prior to that logging was not enabled. it will useful to find out RCA.   But this traffic should be blocked by implicit deny policy. ... View more

Re: Internal traffic is hitting in the isp firewall

by in General Topics
‎06-05-2017 01:31 AM
‎06-05-2017 01:31 AM
  we have tried to configure the pcaps filter from trust to untrust subnet   (which should not be allowed and routing also not there).   But we can filter using ingress interface only. There is no option for egress in pcaps.   So we dont want to configure above filter for reported subnets as this will capture whole legitimate traffics  going to DMZ as well.     ... View more

Re: Internal traffic is hitting in the isp firewall

by in General Topics
‎06-05-2017 01:25 AM
‎06-05-2017 01:25 AM
Thanks for reply.   there is no logs showing for the same(means internal to Untrust).   However i can see the logs for the same reported IP's from trust to DMZ subnet (it is taking the actual route configured in VR).   we are getting the report from ISP on Weekly basis. ISP is sharing the different IP's (on weekly basis) but same source subnet (trust) and destination subnet (DMZ).   These IP's are not configured in firewall. client IP's only. Please suggest     ... View more

Internal traffic is hitting in the isp firewall

by in General Topics
‎06-05-2017 12:26 AM
‎06-05-2017 12:26 AM
Palo alto is perimeter to customer which is connected to isp firewall. Internal subnet traffics which are not allowed in isp/ untrust interface are hitted in isp firewall. Routing is proper. ARP is proper in isp interface( only next hop arp is there) Implicit deny policy blocking the interzone traffic trust to untrust. We don't have any clue how our internal private ip address communication is going to ISP firewall. There is no allowed security policyfor reported internal ip's and routing is proper. ... View more

LAN to Globalprotect VPN network not reachable

by in General Topics
‎05-08-2017 07:20 AM
‎05-08-2017 07:20 AM
we have configured the GP VPN as follows,   LAN: 192.100.1.0/24, gateway: 192.100.1.50->core switch->lan e1/1-192.100.1.55 PA -->tunnel.1 (same zone as LAN) 192.168.254.1/24.   GP IP pool: 192.168.254.2-192.168.254.254 Access route is proper: as traffic from GP VPN to LAN PC is reachable tunnel route is proper->192.168.254.0/24 is routed via tunnel.1   In pcap captured in firewall, there is no return traffic from GP VPN connected PC.   but when we initiate the traffic from GP VPN to LAN PC, its working. Any idea, pls suggest   ... View more

Hot shield proxy- PA unable to block

by in General Topics
‎04-22-2017 11:45 PM
‎04-22-2017 11:45 PM
we have created the application filter for proxy based apps-140+ apps are in that proxy filter which includes IKE, IPSec, Hot-shield etc except SSL.   This proxy-based app filter is called in the security policy (with block action). In addition to that, I have added the unknown-TCP, UDP and teredo, etc apps in same security policy.   All the traffic from test machine is decrypted.   Observation: 1, when I open the hot-shield proxy app in test PC, it is not getting connected. 2, But when I uninstall the hot-shield app and tried to connect again. its getting connected.   when I add the SSL app to block policy, point no.2 is not happening. I.e., hot-shield permanently blocked.   But i cant block the SSL traffics in my network, I have allowed SSL then tried to block hot-shield through URL categories. which is again not possible. Its keep on changing URL and going by Computer and Internet info URL category.   Please suggest how can i block Hot-shield proxy. ... View more
Ask Questions Get Answers Join the Live Community
Contact Me
Online Status
Offline
Date Last Visited
‎07-26-2018 07:24 AM
Latest Tags
No tags yet
Likes Given To
Likes From
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks