This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies. For details on cookie usage on our site, read our Privacy Policy
Hi Team as per the requirement youtube needs to be blocked , we have blocked youtube with applcation , url category and it is blocked on browser. but when customer accessing the youtube application it is not getting block even though it is hitting the deny policy . we have tried decrytion as well but no luck . Any suggestions ?
... View more
Hi Team please advise if DLP , ICAP is supported with PA . There is no document found as such , but i have found few fourms which says it is not supported but wanted to check as a confirmation.
... View more
Hi All we are using 3rd party singed certificate for inbound SSL inspection , once we imported the certificate it is not showing any error and commit is working fine . once we add the certificate to decryption policy it is showing error as bad certificate and commit is failing . The certificate is 3rd part signed CA and its not the CA or subordinate CA this is normal server certificate and the key option after import is showing green check mark that means it has the key and also the certificate is valid . please advise what could be the issue for this bad certificate error ...
... View more
@BPry do we have any guide to which shows the steps i.e. the management interface need access to get the GP data file . what is the dynamic updates are downloading from other interface and not management , GP data file will work in this senario ?
... View more
thank you ..but m kind of confuse here.. when you say... if the VPN is bound to the physical interface of the leased line, you should also be able to add a static route for the remote peer pointed to the next hop on the leased line (metric 1)... the destination is private IP or public ip of remote peer ? ...the next hope will be the ISP router IP of lease line ?
... View more
Hi @santonic I agree but we are using the ecmp balanced round robbin in this i guess fw is sending to adsl line n the return is coming to lease line .. since lease line doesnt know abut it it is dropping .
... View more
Hi @reaper So what I understand is to add the static route for ipsec traffic as a next hop i.e the router ip of first isp with metric 1......but we already added proxy id that shuld add the route but may be not with metric 1 ... but if i add the route as next hop router ip then the traffic will go to the internet n not through the tunnel or shuld i select tunnel interface while adding the route?
... View more
hi @reaper the ipsec is configured to use the tunnel interface and terminated on the physical interface of 1st IP i.e. the lease line. i guess ip modulo\hash should help is resolving this issue ...any more suggestions on this senario
... View more
we have valid license of GP gateway but Global protect data file not downloading_not showing anything in Dynamic updates. when clicking on check now nothing shows up , tried configuring it as automatic download and install but no luck . https://live.paloaltonetworks.com/t5/General-Topics/Not-showing-dynamic-updates-for-global-protect-data-file-even-we/m-p/48744#M35897 found the above discussion and it is mentioning that management interface should be able to initiate the connection on port 80 to some fqdn ...will this resolve the issue ? please advise.
... View more
Hi Team we are facing packet drop issue on ipsec traffic once the ecmp is enabled . we have two ISP and wish to balance the traffic and using balanced round robbin for the same , once this is enabled ipsec packet drop occurs and if we disable ecmp everything is fine . The first internet line is lease line on which the ipsec is terminated and the other line is ADSL i.e. dynamic IP . i am suspecting , since the ecmp is enabled the traffic is going from adsl line and the return traffic is coming on lease line and getting dropped by FW . please advise if there is any solution for this senario... if i ebale IP modulo or IP hash for ECMP will this resolve the issue or PBF for symetric return ??
... View more
Hi one of our customer is facing an issue with Dynamic updates of WF . once the WF updates downloads automatically and starts the installation it get stuck at 0% and due to this commit job goes in queue. i have tried clearing the job manually but doesnt work and after rebooting the management plane the jobs get clear and commit is working . But when i try to download and install the WF update again it is getting stuck at 0% and again i have to reboot the management plane .Once i download the WF updates it shows that the download is successful and show the install option , but when i again click on check now the downloaded WF updates again shows download option even though it was already downloaded . The FW PA 500 , version is 7.1.2 and i suspect this is the BUG ID related but not sure - PAN-62797 , please advise if this is the issue which we are facing so i can advise the customer to upgrade the fw .
... View more
Hi Team please advise if there is any link to refer for IOD for PA 850 , the below link shows information for OID of all the models but not for PA 850 https://live.paloaltonetworks.com/t5/Management-Articles/SNMP-for-Monitoring-Palo-Alto-Networks-Devices/ta-p/61052
... View more