cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About corporatenw

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
corporatenw
‎05-19-2022
since ‎04-24-2017
L1 Bithead
User Activity
User Profile
User Badges
Community Statistics
Member Since ‎04-24-2017 03:45 AM
Date Last Visited ‎05-19-2022 05:58 AM
Posts 5

Azure PA HA DNS

by in VM-Series in the Public Cloud
‎12-22-2021 06:12 AM
‎12-22-2021 06:12 AM
Hello community 🙂 I'm running an v9.1.x Active\Passive cluster on Azure and we had several problems with the "quick" failover. Because I need the firewall(s) to perform DNS resolution on internal fqdn objects I had them configured with private DNS servers running on Azure VMs. While digging in to the failover issue I observed that the new active firewall is not able to contact Azure cloud to request the floating IPs. "2021-12-20 17:53:01.916 +0200 vm_ha_state_trans INFO: : Getting Azure token failed with exception <urlopen error [Errno -3] Temporary failure in name resolution> 2021-12-20 17:53:01.917 +0200 vm_ha_state_trans INFO: : Failed to get Azure Access Token 2021-12-20 17:53:04.764 +0200 vm_ha_state_trans INFO: : vm_mode: 6 2021-12-20 17:53:04.926 +0200 vm_ha_state_trans INFO: : Platform Identified as AZR 2021-12-20 17:53:05.083 +0200 vm_ha_state_trans INFO: : AZR cloud_setting called 2021-12-20 17:53:05.318 +0200 vm_ha_state_trans INFO: : AZR vm_ha_trans called" The new active firewall was sending DNS requests to internal DNS servers and the server couldn't connect to the internet because the floating IP wasn't moved to the new firewall. Similar to the chicken and the egg problem 🙂 To solve it I configured a public DNS on the firewall and kept the secondary DNS server the private one. Failover started working but I discovered that my internal FQDN object is not resolved anymore.  Seems that PA firewall is sending DNS  queries to the second defined server only if the primary is "unreachable". I was expecting a different behavior and have DNS query sent to the secondary server even if the first returned "no record found". I changed the priority of the DNS servers and will test the failover again this Friday.  Do you find this DNS behavior normal and how do you guys\girls have it configured in your clusters?   ... View more

PA default interface state

by in General Topics
‎10-07-2021 02:50 AM
‎10-07-2021 02:50 AM
Hello community 🙂 I've been searching but couldn't find an answer so: What is the default interface state (out of the box firewall)? Is it forwarding L2 packets? Can I create a L2 loop by connecting two interfaces between FW & a switch?   ... View more

Re: Expedition tool disabled the IPSEC tunnels

by in Expedition Discussions
‎10-01-2020 12:45 AM
‎10-01-2020 12:45 AM
I confirm that loading the same config file in a new project on Expedition 1.1.82 will not set the ipsec tunnels to disabled.   ... View more

Re: Expedition tool disabled the IPSEC tunnels

by in Expedition Discussions
‎09-30-2020 06:21 AM
‎09-30-2020 06:21 AM
I just checked on expedition 1.1.59 and there is no disabled field, see attached screen: ... View more

Expedition tool disabled the IPSEC tunnels

by in Expedition Discussions
‎09-30-2020 05:50 AM
‎09-30-2020 05:50 AM
Hello to all, I want to address a bug in expedition 1.1.81.1. I imported a PaloAlto configuration (FW 8.1.11) to perform object cleanup and it disabled almost all my ipsec tunnels configured on the PA. You can imagine the downtime...:( Any of you that have ipsec tunnels configured on PA can import to expedition and check the status in Expedition -> Network -> VPN?   ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎05-19-2022 05:58 AM
Latest Tags
No tags yet
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2022 - Palo Alto Networks