This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About neilwu

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
neilwu
‎10-21-2024
since ‎03-20-2012
L2 Linker
User Activity
User Profile
Latest posts by neilwu
View All
User Badges
Community Statistics
Member Since ‎03-20-2012 03:28 AM
Date Last Visited ‎10-21-2024 05:43 AM
Posts 15

Why traffic log shows that traffic match allow policy but the result was reset by default deny policy?

by in General Topics
‎03-02-2021 07:25 AM
‎03-02-2021 07:25 AM
Does anyone have following experience and could give me some idea to fix this issue?   Thanks a lot ~   I found sometimes the traffic log shows that traffic match allow policy but the result was reset by default deny policy.   For example:   I have a policy for allow some users to access TCP 58975. I checked traffic log and I found traffic be reset by interzone-default during 2/11 08:07:16 to 2/12 08:02:31 I already checked threat log and there is no log about drop or reset for this traffic. And I checked configuration log and there is no change record.   I have a clue, this PA-3020 update apps-content everyday at 8:00. Traffic begin reset at 2/11 08:07:16 that just update to 8374-6528. And after 24 hours traffic be allow at 2/12 08:02:31 that also just update to 8375-6541. But I'm not sure is it can cause this problem because I think the policy allow any application so it should be allow if traffic match L3 to L4 rule. And I'm not sure that always happen after apps-content update in the first few times.   I have open a case but support says they need capture packets or they doesn't have enough data to analysis this issue. That is problem because I can not reproduce this situation.   PA-3020 PAN-OS : 8.1.16   ... View more

Data Filtering log without File Name !?

by in General Topics
‎05-16-2017 02:00 AM
‎05-16-2017 02:00 AM
Hi,   As the subject, does anyone seen this situation?  Thanks.   ... View more

Re: Config Audit Failure

by in General Topics
‎04-11-2016 08:06 PM
‎04-11-2016 08:06 PM
show management-clients Client PRI State Progress ------------------------------------------------------------------------- routed 30 init 0 ha_agent 25 init 0 device 20 init 0 ikemgr 10 init 0 keymgr 10 init 0 (op cmds only) logrcvr 10 init 0 dhcpd 10 init 0 varrcvr 10 init 0 l3svc 10 init 0 sslvpn 10 init 0 rasmgr 10 init 0 useridd 10 init 0 satd 10 init 0 websrvr 10 init 0 sslmgr 10 init 0 authd 10 init 0 pppoed 10 init 0 dnsproxyd 10 init 0 cryptod 10 init 0 dagger 10 init 0 (op cmds only) l2ctrld 10 init 0 ... View more

Config Audit Failure

by in General Topics
‎04-06-2016 01:25 AM
‎04-06-2016 01:25 AM
Hello~   Does anyone know this failure message that we use Config Audit for compare configuration?   Thanks!   (PA-3020, v6.1.4)   Failed to create config file!   ... View more

Re: How to add additional disk space on Esxi VM series ?

by in General Topics
‎12-28-2015 12:13 AM
‎12-28-2015 12:13 AM
Hi,    Thank you! I tried to add an additional disk of 16G to the VM and then reboot this appliance. But I can not log-in the appliance and the console shows "Cache data unavailable" after reboot.   Few minutes later, It's can be log-in and working. But I can not see the new disk or new partition by "show system disk-space" or "show system logdb-quota".   My VM-100 already upgraded to version 7.0.4. ... View more

How to add additional disk space on Esxi VM series ?

by in General Topics
‎12-27-2015 08:10 PM
‎12-27-2015 08:10 PM
Hi,   The VM-Series Deployment Guide says we can add additional disk space of 40GB to 2TB for logging purposes.   Does anyone know how to do that in production?   Thanks. ... View more
Labels:

Why connections count of ASA is much more than PA's ?

by in General Topics
‎10-22-2015 10:28 AM
‎10-22-2015 10:28 AM
Hi,   I use V-Wire between ASA and core switch. I found the connections count of ASA is much more than PA's. Does anyone know how to explain about this ?   Thanks.     ... View more
Labels:

Re: How to work about multiple User-ID Agent in an appliance ?

by in General Topics
‎09-02-2015 07:29 PM
‎09-02-2015 07:29 PM
Hi,   Many thanks for your clearly discription. ... View more

Re: How to work about multiple User-ID Agent in an appliance ?

by in General Topics
‎09-02-2015 07:23 PM
‎09-02-2015 07:23 PM
Hi,   Thank you for your suggestion. There is no replication so I think I need to deploy all User-ID agenet at each one PA appliance. But that is a good point, I would like to set replication in each site. ... View more

How to work about multiple User-ID Agent in an appliance ?

by in General Topics
‎09-01-2015 04:44 AM
‎09-01-2015 04:44 AM
Hi,   I have 3 domains in different locations (US, CN, TW) each one have its own User-ID agent. We deployed PA-3020 in each location and each one had set those 3 User-ID agents in the User-ID Agent configuration.   If a user account belong to US and it login at CN, how does the PA appliance to get account information ?  Does the PA in CN ask all 3 User-ID Agent ?    My customr concern about there are too many traffic to occupy their MPLS WAN bandwidth. I need to know the whole process and if we have some Doc. about this would be better.   Thanks a lot. ... View more

Re: About address object with FQDN and apply it to security policy.

by in General Topics
‎09-03-2014 11:50 PM
‎09-03-2014 11:50 PM
Thank you Mariano. Your description is very helpful for me. ... View more

About address object with FQDN and apply it to security policy.

by in General Topics
‎09-03-2014 10:40 AM
‎09-03-2014 10:40 AM
If I have a FQDN "abc.com" that have two DNS records 10.0.0.1 and 10.0.0.2. Then I create a  address object with FQDN type, and the value is "abc.com" When I use this object into security policy, how does it working? Does it become 10.0.0.1 or 10.0.0.2 ? or it will randomize according to catch? If a client connect to "abc.com", and the client's DNS (Ex. F5 GTM) resolve this FQDN become 10.0.0.1. but in the security policy, the PaloAlto Firewall says "abc.com" is 10.0.0.2. I think that would be a problem because sometimes it can match the rule and sometimes doesn't. My purpose is if I use address object with FQDN then PaloAlto Firewall can resolve all about this FQDN's IP address, and apply to rule dynamically. If the address object with FQDN always just can resolve one IP address, I think It should not be use. doesn't it? ... View more

Re: Does vwire mode still send TCP reset after drop packet ?

by in General Topics
‎04-21-2014 02:03 AM
‎04-21-2014 02:03 AM
Hi Hulk, Thanks for your description. But In Vulnerability Profile Actions, It's have this option. so if I use vwire mode and set the Vulnerability Profile Actions to be reset-server, does it can still send RST ? (In my LAB I don't receive the RST on my server) ... View more

Does vwire mode still send TCP reset after drop packet ?

by in General Topics
‎04-17-2014 11:13 PM
‎04-17-2014 11:13 PM
I can see the traffic status show "reset-server" but I can not receive RST packet for this session on the server. So I have a question, does  vwire mode still send  TCP reset after drop packet ? Thank you. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎10-21-2024 05:43 AM
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks