Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- About qdimclark
About qdimclark
Announcements
Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Monday
9Posts
0Likes
0Solutions
Apr 12, 2021Last Visited
User
Activity
User
Profile
Latest posts by qdimclark
| Subject | Views | Posted |
|---|---|---|
| 166 | 03-03-2021 12:18 PM | |
| 197 | 03-03-2021 12:05 PM | |
| 217 | 03-03-2021 08:11 AM | |
| 285 | 03-02-2021 10:38 AM | |
| 3068 | 06-17-2020 01:34 PM |
User Badges
Public Statistics
| Date Registered | 04-25-2018 03:29 PM |
| Date Last Visited | Monday |
| Total Messages Posted | 9 |
03-03-2021
12:18 PM
That's the solution we're going to implement once I get the config changes to the PA, the Merakis and our Core finalized. Thanks again for your help Tom.
... View more
03-03-2021
12:05 PM
Also, just and FYI Merakis can only use BGP within their AutoVPN (SD-WAN) feature. They can not use it in the scenario shown above.
... View more
03-03-2021
08:11 AM
That's what I suspected. But with limited BGP knowledge I thought I'd ask. Thanks!
... View more
03-02-2021
10:38 AM
We currently have this setup in our datacenter. The Meraki HA pair is the VPN endpoint for our 120+ remote sites. In a DR situation the datacenter has IP mobility, where our current static IPs will failover. This setup uses BGP through the Palo. With BGP enabled on the Palo HA Pair and datacenter’s internet the Meraki HA pair is inaccessible, which means the remote sites have no connectivity to the data center. The BGP config is exporting the 1.1.1.0/27 subnet, which obviously includes the Meraki IPs Can we configure a rule on the Palo to allow traffic destined for the Meraki HA Pair to go to the Merakis without any other cabling or configuration changes? The rule would look like this. Additionally it would allow only specific ports and protocols as needed. To makes any other changes would require re-designing our current topology. We're trying to avoid that scenario for now. Thanks in advance!
... View more
06-17-2020
01:34 PM
With only 4 firewalls, we're not using Panorama. Working with support we ran the command you mentioned. And then ran "commit force." That worked for the passive peer of our HA pair. We're scheduling a window to failover to that for testing. Part of this issue was that the new app-threat updates would break a sec policy. When we reviewed the apps against our policies it didn't match with what broke. A new app-id would only affect security policy A according to the review. When it was enabled it broke policy B. The latest thinking is that content updates are corrupted. But more testing will reveal that. Thanks for replying!
... View more
06-17-2020
08:56 AM
Thanks for replying! We're still in the planning stages, so it'll be some time before we try. But reading these responses, as well as talking with support and our local sales engineer I'm pretty confident we'll have few issues.
... View more
06-05-2020
10:38 AM
Forgot to mention that we ran this on the disabled app-ids and it made no difference for us. request set-application-status-recursive enable-dependent-apps yes application <appplication-name> status enabled
... View more
06-05-2020
10:36 AM
We've had this happening for a bit now. Runing this command in the CLI showed no disabled app-ids. request get-disabled-applications Running this command, however, did show disabled app-ids. show running application disabled According to support this is only a cosmetic issue. They also said that it was fixed in 8.1.14, which we installed and found its still happening now. They suggested this article, which we've not implemented yet. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/app-id-features/app-id-ease-of-use/app-id-characteristic/allow-new-app-ids.html
... View more
06-04-2020
02:35 PM
@Ash2k How did this end up working for you? We're about to do the same thing, so I'm wondering if there were any surprises. Thanks.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Monday
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
