About nagarjuna.b

Hi Everyone,    Hope everyone doing well.  we have setup a windows based User ID. but one problem I saw with that is, it is receiving accounts with $ sign in the last. I believe these are service type accounts and if yes we would like to exclude them on the firewall as we don't want the service accounts to be allowed to go to internet. we have 5650 accounts like this. Palo has a limit of 5000 accounts for Ignore User list. Is there a better way to exclude these accounts on Palo? or is there a better a way to setup on DC's not to forward these accounts to palo?    Regards, Nagarjuna  ... View more

Hi everyone,   I am working on redistributing static routes into BGP routing table on PA 3260. I have few questions and I would like to confirm with you as I am little unsure of all the settings.   Scenario:  I have 30 static routes under a virtual router called default. I am building BGP on the same router and need to advertise all those static routes into BGP routing table.   I have configured redistibution profile source type as static. I haven't define any interface, destination, nexthop values as I want to redistribute all static routes and I believe PAN able to identify those routes from the list of static routes? Is this correct? or Do I need to define all statci routes in here that are needs to be redistributed?    2. I have defined redistribution rules and called the redistribution profile that I created earlier. I have set the origin as IGP for those routes as they are from the same router default. Is this correct?   is this the enough config to establish a BGP with downstream router and redistribute static routes into the RIB?   Please let me know if I am missing anyhting in here.   Thanks, Nagarjuna   ... View more

Hi,   I have recently migrated the R77.30 Checkpoint config to migration tool and eventually to PANORAMA, whatever I do, its not migrating the Zones, when I merge the migrated config with base config the zones are disappearing. I am not seeing them in the base config aftrer the merge?    Does anyone ran into this kind of issue when you are doing the migrations?   Regards, Nagarjuna  ... View more

Hi There,   I have a generic question about the Palo alto way of treating sub interfaces? Can I do sub interface on one of the physical interface for one netwrok address? for example, I did sub interface the ethernet1/5 as ethernet 1/5.123 and configured the netwrok 10.11.12.13/24 and no other networks exist on overall that physical interface. Connection to downstream switch is trunk by the way with allowing native vlan and vlan 123?    I believe we can do this, as I couldn't recall exactly what I did preaviuosly, but I did ran into issues with Cisco ASA firewall,  when I ran a trunk from switch to ASA and allowing only native and one custom vlan, ASA didn't accept the packets coming from the custom vlan when I did subinterface for that one vlan.       ... View more

Hi there,   We are implementing aggregated interfaces on PA 5250. I have configured 10 aggregated subinterfaces from two physical interfaces. when I enabled the LACP on the aggregated interface group, the maximum interfaces is set to 8 by default. I believe this is number of physical interfaces that are active at any given time right? if that is it, in my case do I have to set that value to 1 cause I only aggregated two physical interfaces?    Please let me know your thoughts.   Best regards, Nagarjuna   ... View more