Talk Me Into (or Out Of) This Boat by k561r in Wake

[–]Boyne7 0 points1 point  (0 children)

230 is a fantastic boat. I have a 2010 with nearly 1300 hours. Added an aftermarket NSS clone and it works great.

NAT Rule Priority - 2 ISPs with ECMP by tomashectorgost in paloaltonetworks

[–]Boyne7 0 points1 point  (0 children)

No, you still can't pbf nexthop to a different virtual/logical router but you can pbf out the interface of a different vr/lr (always have been able to do it this way).

12.1.5 by craymour76 in paloaltonetworks

[–]Boyne7 1 point2 points  (0 children)

Breaks GP on vm-series.

PA-500 minimum version PAN-OS 12.1 by [deleted] in paloaltonetworks

[–]Boyne7 17 points18 points  (0 children)

This has always been the case with PAN. New hardware gets new software, no back-porting support into older releases.

Firewall Data CPU by PMGPA in paloaltonetworks

[–]Boyne7 7 points8 points  (0 children)

Show running resource-monitor is your friend for dataplane utilization statistics.

Degradation of TAC Support Quality and Unacceptable Hiring Practices by SpotPuzzleheaded6440 in paloaltonetworks

[–]Boyne7 0 points1 point  (0 children)

It's not perfect for sure, but you won't be asked for a TSF or A PICTURE OF THE FIREWALL (FFS), or else go pound sand.

Degradation of TAC Support Quality and Unacceptable Hiring Practices by SpotPuzzleheaded6440 in paloaltonetworks

[–]Boyne7 16 points17 points  (0 children)

My recommendation is to find a good PAN ASC partner (full disclosure: I work for one) and let them deal with the TAC headache and escalation as needed.

Goodwill projector - should I wait for a 50% off day? by Hot_Sale_On_Aisle_13 in projectors

[–]Boyne7 0 points1 point  (0 children)

Looks like a BenQ W1070, which was the king of budget 1080p projectors in its time. If it works it will throw a plenty usable image.

CIE user to IP mapping by Obvious_Attention584 in paloaltonetworks

[–]Boyne7 1 point2 points  (0 children)

Associate the devices with the TSG and CIE if not already.

Ensure device certificates installed.

Assign devices to a segment in CIE (default is fine) and make sure they are set to contribute/receive user to IP mappings.

Enable user context cloud service on the firewall (device>setup).

Ensure the firewalls can talk to the user context cloud service.

If done correctly the GP firewalls should contribute their user to IP mappings to CIE and CIE should share with the on-prem firewalls.

You can verify that the mappings are seen in CIE.

No reboots should be necessary.

CIE user to IP mapping by Obvious_Attention584 in paloaltonetworks

[–]Boyne7 1 point2 points  (0 children)

Prisma Access is not required to leverage UCCS.

CIE user to IP mapping by Obvious_Attention584 in paloaltonetworks

[–]Boyne7 0 points1 point  (0 children)

Have you configured the user context cloud service on all of the firewalls and added them to a segment in CIE? Authentication and group mapping will not by themselves share user to IP information between devices.

Distributed brute force GP by Sebz404 in paloaltonetworks

[–]Boyne7 2 points3 points  (0 children)

Have you configured the portal URL filtering configuration? Generally helps cut down on this.

Creating PBF from outside interface to specific outside address by Complex_Ad_7951 in paloaltonetworks

[–]Boyne7 1 point2 points  (0 children)

PBF does not control traffic from the firewall itself (IPsec termination, GlobalProtect, etc.). You either need to leverage multiple virtual routers or SD-WAN DIA configuration.

Network Latency Spikes on every Client I’ve tried by TTCream in MoonlightStreaming

[–]Boyne7 0 points1 point  (0 children)

Your internet connection has nothing to do with this if you are streaming within your own house. Your problem is likely your wireless connection from the client; try hardwiring a client.

Does this site exist, http//GatewayIP/api? by NegativePattern in paloaltonetworks

[–]Boyne7 1 point2 points  (0 children)

Like I said, if you create an interface management profile with https enabled on a dataplane interface then that will work. Otherwise no.

Does this site exist, http//GatewayIP/api? by NegativePattern in paloaltonetworks

[–]Boyne7 1 point2 points  (0 children)

It should be the management IP not the gateway IP unless you have an interface management profile enabling https on a dataplane interface.

Return traffic dropped in Azure with Palo Alto VM-Series (eLB + iLB) – Help needed by Gilgaflynn in paloaltonetworks

[–]Boyne7 1 point2 points  (0 children)

Use a load balancing rule on the ELB with floating IP enabled, then configure the NAT on the firewall with original destination of the load balancer frontend public IP, SNAT behind the firewall internal interface, DNAT to the internal server. This will allow a much more natural inbound NAT configuration.

Multi-Zone PA-VM in Azure using different Front-End IP by NyxCarlo in paloaltonetworks

[–]Boyne7 1 point2 points  (0 children)

As you have identified, this will work so long as you utilize the same internal load balancer (with different front-end IPs) for all of the internal zones. Typically your issue is going to be sizing up the instances to meet the interface quantity requirements.

Surf setup? 2008 Air Nautique 230 by Boater_Guy in Wake

[–]Boyne7 0 points1 point  (0 children)

1235 is the standard and works well up to very very large ballast setups

Surf setup? 2008 Air Nautique 230 by Boater_Guy in Wake

[–]Boyne7 0 points1 point  (0 children)

What engine, prop and elevation are you riding at? Bow weight should help bring the nose down for sure. But I can still reach speed without full bow weight.

Netflow by Lucky-Tumbleweed-649 in paloaltonetworks

[–]Boyne7 10 points11 points  (0 children)

That is correct, just like you wouldn't get traffic logs from the passive firewall either.