Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About roadracer96
About roadracer96
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
03-21-2018
11Posts
1Like
2Solutions
Mar 21, 2018Last Visited
User
Activity
User
Profile
Latest posts by roadracer96
| Subject | Views | Posted |
|---|---|---|
| 2288 | 05-23-2014 08:40 AM | |
| 401 | 05-23-2014 08:31 AM | |
| 263 | 04-01-2013 07:38 AM | |
| 297 | 04-01-2013 05:56 AM | |
| 1130 | 03-26-2013 03:31 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 03-12-2013 04:15 PM |
User Badges
Public Statistics
| Date Registered | 01-03-2013 01:43 PM |
| Date Last Visited | 03-21-2018 07:50 AM |
| Total Messages Posted | 11 |
| Total Likes Received | 1 |
05-23-2014
08:40 AM
Last I heard, they are working on it.. Hard to believe they didn't have it already.
... View more
05-23-2014
08:31 AM
Toying around with it and it will redistribute any other route, but not ::/0. It also doesn't honor the "Reject Default Route" flag. 6.0.2, PA5050
... View more
Labels:
- Labels:
-
Networking
04-01-2013
07:38 AM
I think I figured what I was doing wrong. I think the policy was matching on return from the packet shaper and being sent through it again until TTL expired.
... View more
04-01-2013
05:56 AM
An over-simplified explanation of my setup. Trust me, it just has to be this way. ethernet1/1 - Internet 1.2.3.1/24 ethernet1/2 - LAN 10.10.10.1/24 Nat/dnat/1-1 nat between ethernet 1/1 and 1/2 I have a traffic shaping appliance that I need to loop data through BEFORE NAT on the palo. Trust me when I say I just cant stick it between the lan and palo. In a nutshell, I have multiple virtual systems that all need to be looped through the shaper in a complex network. Only data destined for the internet should go through the traffic shaper. I WANT to do this: ethernet1/1 - Internet 1.2.3.1/24 ethernet1/2 - LAN 10.10.10.1/24 ethernet1/3 - 10.0.0.1/30 Shaper Internal side, in LAN zone ethernet1/4 - 10.0.0.2/30 Shaper External side in LAN zone The shaper is transparent. It would be the same as ethernet1/3 and 1/4 being patched together. Policy forwarding. Anything outbound to internet from lan zone, next hop 10.0.0.2 egress interface ethernet 1/3 Anything coming in from internet zone to lan, next hop 10.0.0.1 egress interface ethernet 1/4 I tried this once with to virtual routers in the vsys and routing between them. It didnt work as I expected. I stopped there and figured I would ask if im barking up the wrong tree and it just isnt going to work. Input welcome! Thanks!
... View more
Labels:
- Labels:
-
Networking
03-26-2013
03:31 PM
So is it confirmed that all routing, firewalling, and forwarding functionality works if you restart software? Including OSPF routing. The management web interface stopped responding. CLI still works. Just cant get to the web interface. If I restart software, traffic will still pass through, right?
... View more
03-12-2013
04:15 PM
1 Kudo
Its working. The addresses were coming back after I cleared the cache. I just had to wait it out. Just impatient. Sorry for the bum question!
... View more
03-12-2013
11:19 AM
Im going to leave it overnight. I think, maybe, Im just impatient... LOL. That, and I had to put a final allow line at the bottom...
... View more
03-12-2013
09:55 AM
I just did it. The same thing happened. All the IPs learned from the AD servers in the excluded range went away. Im not completely clear on what enabled and discovery are for. They seem to have differing functions.
... View more
03-12-2013
08:46 AM
Looking to ignore IPs, not users. Certain IPs I dont want to ever be associated with a user.
... View more
03-11-2013
03:32 PM
I tried that. But that makes it so the mapping isnt learned from the AD servers themselves. Example. AD Servers at 10.0.0.1/16 and 10.0.0.2/16. I dont want to learn who is logged onto the AD servers, or any other server in the 10.0.0.0/16 subnet. Only clients in another subnet. I put exclude 10.0.0.0/16 in that list and then NOTHING gets learned except the IPs from RADIUS accounting. Just seems like it is malfunctioning somehow. EDIT: IIRC, that made it so it wouldnt discover the AD servers themselves. Because the servers in the box above disappeared shortly afterwards. EDIT2: To clarify. If I have 10.0.0.0/16 and AD servers 10.0.0.1/10.0.0.2 and other misc servers or appliances at 10.0.0.20-25. I do not want a username to ever be associated with IPs 10.0.0.1, 10.0.0.2, 10.0.0.20-25.
... View more
03-11-2013
11:38 AM
Working on setting up a 5050 with user-id mapping against 2 domain controllers. the agent-less, WMI based setup is working fine thus far, except I cant figure out how to exclude certain IP ranges. For instance. We have a VPN appliance that does Kerberos authentication to the AD Domain. Everytime a user logs in, it associates the IP of the device requesting authentication as a user-id map. Id like to just exclude that device from ever being learned. Along with the domain controllers and some other servers themselves. I have tried a few different include/excludes on all the zones with UID turned on, but it doesnt seem to stop those IPs from being learned. PanOS 5.0.2
... View more
Labels:
- Labels:
-
Configuration
-
Troubleshooting
-
User-ID
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
