About Venkatesan_radhakrishnan

Venkatesan_radhakrishnan · ‎04-16-2020

Hi @kiwi Thanks only you came here to help in this issue 🙂 appreciate your effort. I tried app overried and marking DSRI check box in sec poilcy. But it didn't help. When I see in my LAB it is working fine i can see more than 10 mbps traffic in wifi connected GP. But in customer environment im facing this issue where traffic is 355Kbps which is close to 2.5 to 3 Mbps. PANOS 9.0.4 GP version 5.0.8.running client environment. i dont thinks so MTU is issue here, because I can able to ping with load upto 1300 bytes without fragmenting. ping -f <server ip> -l 1300 Regards Venky

Venkatesan_radhakrishnan · ‎04-15-2020

Hi Team, We are using global protect to connect to corporate file sharing server. Once GP is connected we are able to copy and paste the file from fileserver which is mapped in my local machine. But the issue is it is very slow. Like only 373Kbps traffic only passing in it. But when we use different VPN like Sonic wall Speed is good. Can application override or disable server response inspection in policy will help in this case. Appreciate your comments. Regards Venky

Venkatesan_radhakrishnan · ‎04-07-2020

Hi Team, Software warranty license is showing expired in licenses tab. Is there any way to remove this option from PA license tab. Regards Venky

Venkatesan_radhakrishnan · ‎02-13-2020

Hello Brian, Did you get any update from TAC, I appreciate your response. Regards Venky

Venkatesan_radhakrishnan · ‎02-13-2020

Hello Brian, Did you get any update from TAC, I appreciate your response. Regards Venky

Venkatesan_radhakrishnan · ‎02-12-2020

You got any update from TAC or anyone update about this query

Venkatesan_radhakrishnan · ‎01-29-2020

Customer integrated NFS datastore with panorama to store logs. Now they are planning to change old NFS data store with new NFS data store, But their concern is they want old NFS datastore logs to be retained in new NFS datastore after migration and then new logs need to be logged to new NFS datastore. Please let me know if this is doable, I’m not seeing any document in online to achieve this requirement. Your comment will be helpful.

Venkatesan_radhakrishnan · ‎12-10-2019

I can install nginix in same web server or I need to setup different server for Nginx

Venkatesan_radhakrishnan · ‎12-10-2019

this is for traffic coming from outside to inside . How can I make the traffic coming from outside to inside to go as http

Venkatesan_radhakrishnan · ‎12-10-2019

The destination server is webserver only having service http not https. So it’s not possible to ssl inbound inspection I think. correct me if I’m wrong

Venkatesan_radhakrishnan · ‎12-10-2019

Hi Guys, I have a webserver hosted for public access using http. Now I want to know is it possible to NAT traffic entering to palo alto as https from outside to http as inside. So user will try to connect server using public IP on port 443 their port would get transalated to port 80 and go to internal destination server using destination NAT. IN Nat rule, I need to specify the public IP with port 443 and destination translation will local IP with port 80 right. In access rule, I need to all https only to that public IP right. Will this work? Regards Venky

Venkatesan_radhakrishnan · ‎12-03-2019

Hi Thanks for your comments, any update from support regarding the case you have opened? Also it will automatically upgrade when you connect to portal after laptop reboot. Regards Venky

Venkatesan_radhakrishnan · ‎11-06-2019

Hi All, Just a solution or workaround whatever you call, to fix this issue. Keep the allow user to upgrade option in app setting to "allow transparently" and commit configuration. So when next time user reboot his client machine and connect to portal automatically upgrade will happen at the backend. Regards Venky

Venkatesan_radhakrishnan · ‎11-05-2019

Hi All, Here I have more analysis, After it is prompted for upgrade and user selects No then it is not upgrading in forth coming attempt. Also no luck even we change option to transparent upgrade. But, When I refresh connection it is trying to establish connection with portal again and fetching setting which override cache in client machine. after this attempt transparent upgrade is happening smoothly. I'm seeing refresh connection option after 4.1, So 2.3.1 has option rediscover network but can't able to use it as it is hided. Regards Venky

Venkatesan_radhakrishnan · ‎11-04-2019

Hi Everyone, In this issue, I have used command "debug panorama-vld-mgr reset-logging-disk" and then rebooted panorama. Post this I can able to add virtual disk in panorama and it was reflecting in log disk storage. just writing this here, So it may help other who face this issue in future. Regards Venky

Venkatesan_radhakrishnan · ‎11-04-2019

Apologies if my words meant anything wrong. i have replicated this issue in version 2.3.1 and 4.1.10 but I don’t see resolution. your understanding is correct. In portal agent app setting have options upgrade with prompt. When this option is selected user can see prompt for upgrade but consider like he selected option No then he will be connected with same old version. later when user connects he is not prompted for upgrade and even if I change upgrade option to transparent no luck. thanks for insight in this issue

Venkatesan_radhakrishnan · ‎11-04-2019

Hi steve I believe then you didn’t get my issue clearly. Assume like you have version 5.0.1 now you want to upgrade to 5.0.3. In portal set the option agent -> app -> allow upgrade with prompt. Now connect it will ask for upgrade select option no. now get back to portal change option agent -> app -> upgrades transparently. commit configuration. go to client machine and try to connect now and see if you are seeing option to upgrade and silent upgrade is happening. It will not happen this is issue regards venky.

Venkatesan_radhakrishnan · ‎11-04-2019

Hi Team, I have an issue, where customer is not able to update global protect app using transparent option. I'm explaining the issue in very detail to avoid confusion. User machine is installed with client version 2.3.1. During the time of deployment portal app setting was configured to upgrade "allow user to upgrade with prompt" Now global protect client upgraded to version 5.0.2 in firewall then when user tried to connect global protect portal from agent he was prompted to do upgrade the latest agent version instead of yes, user selected no.After this user is still connecting using old version 2.3.1 to portal/gateway. Now I don't have any option to block older GP version connection. If by HIP logs also I can only block traffic not GP agent connection. I have changed the app setting option from "allow user to upgrade with prompt to transparently but agent is not getting upgraded transparently. Because when it connected after GP client version 5.0.2 upgrade I said "no". Now I changed it to transparent but upgrade is not happening. Please suggest how can I block GP older version or upgrade it transparently in this scenario. @reaper Your comments would have helped me lot to resolve many issue,It will be very useful if you suggest your option. Regards Venky

Venkatesan_radhakrishnan · ‎10-20-2019

Why we are not able to proceed this way. https://docs.paloaltonetworks.com/panorama/8-0/panorama-admin/set-up-panorama/set-up-the-panorama-virtual-appliance/expand-log-storage-capacity-on-the-panorama-virtual-appliance/add-a-virtual-disk-to-panorama-on-an-esxi-server.html Regards Venky

Venkatesan_radhakrishnan · ‎10-19-2019

Hi Team, I have replicated this issue in Vmware, I'm facing issue like below. I added two 2TB disk in panorama in vmware but disk status is always unavailable. Why it is like can someone suggest to fix this issue. admin@Panorama> show system disk details Name : sdb State : Present Size : 2088960 MB Status : Unavailable Reason : Admin disabled Name : sdc State : Present Size : 2088960 MB Status : Unavailable Reason : Admin disabled admin@Panorama> Regards Venky

Venkatesan_radhakrishnan · ‎10-19-2019

Hi, Any resolution for this issue. Regards Venky

Venkatesan_radhakrishnan · ‎10-19-2019

Also, I'm confused even there is space for traffic logs why retention is one day. show system logdb-quota Quotas: system: 8.00%, 1.880 GB Expiration-period: 0 days config: 8.00%, 1.880 GB Expiration-period: 0 days appstat: 5.00%, 1.175 GB Expiration-period: 0 days traffic: 29.00%, 6.814 GB Expiration-period: 0 days threat: 16.00%, 3.760 GB Expiration-period: 0 days trsum: 3.00%, 0.705 GB Expiration-period: 0 days hourlytrsum: 1.00%, 0.235 GB Expiration-period: 0 days dailytrsum: 1.00%, 0.235 GB Expiration-period: 0 days weeklytrsum: 1.00%, 0.235 GB Expiration-period: 0 days urlsum: 3.00%, 0.705 GB Expiration-period: 0 days hourlyurlsum: 1.00%, 0.235 GB Expiration-period: 0 days dailyurlsum: 1.00%, 0.235 GB Expiration-period: 0 days weeklyurlsum: 1.00%, 0.235 GB Expiration-period: 0 days thsum: 3.00%, 0.705 GB Expiration-period: 0 days hourlythsum: 1.00%, 0.235 GB Expiration-period: 0 days dailythsum: 1.00%, 0.235 GB Expiration-period: 0 days weeklythsum: 1.00%, 0.235 GB Expiration-period: 0 days extpcap: 1.00%, 0.235 GB Expiration-period: 0 days hipmatch: 3.00%, 0.705 GB Expiration-period: 0 days gtp: 2.00%, 0.470 GB Expiration-period: 0 days gtpsum: 1.00%, 0.235 GB Expiration-period: 0 days hourlygtpsum: 1.00%, 0.235 GB Expiration-period: 0 days dailygtpsum: 1.00%, 0.235 GB Expiration-period: 0 days weeklygtpsum: 1.00%, 0.235 GB Expiration-period: 0 days auth: 1.00%, 0.235 GB Expiration-period: 0 days userid: 1.00%, 0.235 GB Expiration-period: 0 days sctp: 0.00%, 0.000 GB Expiration-period: 0 days sctpsum: 0.00%, 0.000 GB Expiration-period: 0 days hourlysctpsum: 0.00%, 0.000 GB Expiration-period: 0 days dailysctpsum: 0.00%, 0.000 GB Expiration-period: 0 days weeklysctpsum: 0.00%, 0.000 GB Expiration-period: 0 days Disk usage: traffic: Logs and Indexes: 361.8MB Current Retention: 1 days threat: Logs and Indexes: 8.9MB Current Retention: 1 days system: Logs and Indexes: 3.5MB Current Retention: 1 days config: Logs and Indexes: 4.0MB Current Retention: 1 days trsum: Logs and Indexes: 88.0MB Current Retention: 1 days hourlytrsum: Logs and Indexes: 115.8MB Current Retention: 1 days dailytrsum: Logs and Indexes: 12.2MB Current Retention: 1 days weeklytrsum: Logs and Indexes: 0 Current Retention: 0 days thsum: Logs and Indexes: 8.3MB Current Retention: 1 days hourlythsum: Logs and Indexes: 1.7MB Current Retention: 1 days dailythsum: Logs and Indexes: 164.0KB Current Retention: 1 days weeklythsum: Logs and Indexes: 0 Current Retention: 0 days appstatdb: Logs and Indexes: 1.4MB Current Retention: 1 days hipmatch: Logs and Indexes: 0 Current Retention: 0 days extpcap: Logs and Indexes: 0 Current Retention: 0 days urlsum: Logs and Indexes: 24.0KB Current Retention: 0 days hourlyurlsum: Logs and Indexes: 24.0KB Current Retention: 0 days dailyurlsum: Logs and Indexes: 12.0KB Current Retention: 0 days weeklyurlsum: Logs and Indexes: 0 Current Retention: 0 days gtp: Logs and Indexes: 0 Current Retention: 0 days gtpsum: Logs and Indexes: 24.0KB Current Retention: 0 days hourlygtpsum: Logs and Indexes: 24.0KB Current Retention: 0 days dailygtpsum: Logs and Indexes: 12.0KB Current Retention: 0 days weeklygtpsum: Logs and Indexes: 0 Current Retention: 0 days auth: Logs and Indexes: 0 Current Retention: 0 days userid: Logs and Indexes: 0 Current Retention: 0 days sctp: Logs and Indexes: 0 Current Retention: 0 days sctpsum,: Logs and Indexes: 0 Current Retention: 0 days hourlysctpsum: Logs and Indexes: 0 Current Retention: 0 days dailysctpsum: Logs and Indexes: 0 Current Retention: 0 days weeklysctpsum: Logs and Indexes: 0 Current Retention: 0 days Space reserved for cores: 0MB Regards Venky

Venkatesan_radhakrishnan · ‎10-19-2019

Hi Team, We have panorama in legacy mode. We deployed it using 8.1 ova file by default it too 80GB storage and allocated 11GB for logging. Now we want to add additional virtual disk in esxi server. When we add additional disk it by following below KB. https://docs.paloaltonetworks.com/panorama/8-0/panorama-admin/set-up-panorama/set-up-the-panorama-virtual-appliance/expand-log-storage-capacity-on-the-panorama-virtual-appliance/add-a-virtual-disk-to-panorama-on-an-esxi-server.html It shows like disk is unavailable when we try to add it shows I need to be in panorama mode. Can you someone let me know how to fix this issue. Panorama> show system disk details Name : sdb State : Present Size : 204800 MB Status : Unavailable Reason : Admin disabled Panorama> request system disk add sdb Executing this command will delete all data on the drive being added. Do you want to continue? (y or n) You are currently in legacy mode. You must be in logger of panorama mode to add a disk

Venkatesan_radhakrishnan · ‎09-18-2019

Hi Team, We have configured SAML SSO authentication for Global protect. Microsoft Azure has the active directory we have configured it as identity provider and service provider as Palo alto global protect. Trust established between Idp and SP and we are able to authenticate portal using microsoft azure. But the problem in allowing list in authentication profile and user/user group in Global protect gateway, When azure signs the SAML assertion from Palo alto it authenticates and sends the SAML response as UPN name from the username attribute in azure. Palo alto retived this UPN name and allowing the global protect portal and gateway configuraion only if we set the allowlist to any and user/user group to any. If we specify the username in UPN format or domain name format it is not able to validate the username and throws an error while connecting to gateway as "Matching client config not found". palo alto says you cannot configure the firewall to modify the domain/username string that a user enters during SAML logins, the login username must exactly match an Allow List entry. But when I configure this UPN name as a match in allowlist or user/user group it is not matching and working. Group mapping also not working in this case as server profile will normalize only for AD. Is there a way to normalize UPN name to domain format or any other way to restrict the allowlist in authentication profile and user/user group in gateway. Please let me know if you need more information. Regards Venky

Venkatesan_radhakrishnan · ‎09-08-2019

Hi Team Im trying to configure Global protect prelogon for some users. I have configured everything, here the challenging part is configuring machine certificate for authenticating users. I have create Self signed root ca in firewall and created client Cert signed by that rootCA. But when I call this rootCA in certificate profile I have been asked pan os to configure it with username filled. I cant able to configure it with username field none and configure that certificate profile in gateway authentication- certificate profile firewall shows commit error whereas same configuration I can able to do in PANOS8.1 is this default behaviour change or bug regards venky

Venkatesan_radhakrishnan · ‎09-07-2019

HI Problem is happening for last 2 months its not with only one firewall, all connected firewalls are disconnected and connecting again. CPU load is normal not much high. Regards Venky

Venkatesan_radhakrishnan · ‎09-05-2019

Hi Team, I'm facing issue where firewall and Panorama keeping disconnected every minute. It is getting connected and disconnecting. This happens within a minute, I have checked the reachability is fine between panoraman and firewall and port is open. I'm seeing in system logs TLS session disconnected not sure but again it is connecting. PAN OS 8.1.8 M-100 series appliance This happens will all my managed devices with Panorama, Also important I have some firewall in same network of Panorama which is also having issue. Any help in this issue will be greatful

Venkatesan_radhakrishnan · ‎09-05-2019

Can you text compare and see all files are having same configuration.

Venkatesan_radhakrishnan · ‎09-05-2019

Check this article for kswap in high peak. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUbCAK

Venkatesan_radhakrishnan · ‎09-04-2019

Hi @reaper I have taken running config xml file removed user-id agent and sequence configuration, change the file name uploaded and committed the changes it worked. However thanks for your attention @reaper and help. Regards Venky

Date Registered	‎09-17-2018 11:54 PM
Date Last Visited	5m ago
Total Messages Posted	111
Total Likes Received	4

Online Status	Offline
Date Last Visited	5m ago

Strata

Prisma

Cortex

About Venkatesan_radhakrishnan