About ttl_expired

Hi All,   Is it possible to graph the application bandwidth over time using something like SNMP?  Essentailly I am looking for your typical Bandwidth graph that you normally see with SNMP but I would like to graph it for just an application for example Facebook.   I know you can do with live with the QOS features but I would like to have this graphed over weeks or maybe months.  Does anyone know if we have MIB's that will extract these values or can we only do total bandwidth through the interface.   Thanks! ... View more

Hi All, When setting up email server profiles how can use use an smtp server that requires authentication. For example GMAIL requires you to pass your gmail account in order to forward mail. Thanks ... View more

Hi All,   Hoping someone can clear up some confusion I have with the processing speed fothe 7050 firewall.  The literature states that each NPC adds 20 Gbps of processing to the chassis.  You can scale out your deployment and speed by adding NPC's, the first packet processor will do the job of distributing the load accross the NPC.   Picture this scenerio:   I have 1 NPC and 3 10Gbps in/out connection setup (6 10Gbps ports used).  This would therotically have a total througput requirement of 30Gbps through the firewall.  This is greater then 20Gbps so I go out and buy and extra NPC but done plug anything it.   Would the 7050 be able to distribute half the session to the extra NPC (the one with no cables in it) and thus allow me to go over 20Gbps on one NPC.   for this to work that would mean that the physical ports on the NPC have direct access to the switch fabric.  My assumption is that the whole card is stuck at 20Gbps no matter what and you ahve to play the game of distributing your connections across multiple cards.   Thanks         ... View more

Hi All, This problem is a little confusing to explain but I will do my best to lay this out.  Keep in mind I have changed the IP addresses to keep examples simple. I have a Palo Alto 2020 with a basic configuration.  One internet connection and One LAN network behind it. The firewall has a public IP address of 5.5.5.2/24 with a default route pointing to 5.5.5.1. We ran out of IP space and the provider started to route a new  6.6.6.0/28 block to us , this now gives us a bunch more IP addresses to use.  I know that on the Palo Alto I simply have to create a NAT which references these new addresses and the Firewall will take care of the rest. I have created a NAT to translate traffic hitting 6.6.6.5 over port 443 to go to my internal server 192.168.1.10.  This works great, when someone surfs to https://6.6.6.5 they get my webpage. The weird issue is when someone pings 6.6.6.5.  The traffic ends up looping between my firewall and the ISP.  As far as I can tell since the Paloalto does not have a specific NAT for the ping, the packet gets forwarded by the routing table back out the ISP who in turn routes it back to me.  This is very confusing for people when they try to ping the website. Am I doing something wrong? Thanks! ... View more

Hi All, I need to perform a ram upgrade on a Cluster of PA-500's.  Is it possible to perform the upgrade in such a way that I will not incur an outage?  Thanks! ... View more

Hi all, I have a setup with two ISP's where one is active and the other is redundant sitting in a VR.  The routing and failover works fine but only if my actual link goes down on my main ISP which will pull the static route.  Is there a way to do a track IP type command in order to check for upstream failures of the ISP. Thanks! ... View more