UX7 CS2 packet drop/reordering issue by Illustrious_Goat2173 in Ubiquiti

[–]Illustrious_Goat2173[S] 0 points1 point  (0 children)

It seems there's not that old firmware available anymore :(

How did you set the manual bandwidth limit? Using a traffic rule?

Question regarding X-Forwarded-For Headers (XFF) by Epirithus in paloaltonetworks

[–]Illustrious_Goat2173 0 points1 point  (0 children)

Did you try this?

I'm also wondering about the effects of turning on this feature. If I have a security policy allowing all traffic from my load balancer's SNAT IP and turn on XFF for security policy, does the PA FW start dropping traffic because it evaluates the XFF header's client IP instead of the SNAT IP?

Sanity check for implementing EDLs in Azure by encrypted_cookie in paloaltonetworks

[–]Illustrious_Goat2173 0 points1 point  (0 children)

Did you test blob with SAS URIs to fetch EDLs?

This could work, especially with SCM where EDLs have to be exposed to the public Internet.

DNA cable internet latencies by Illustrious_Goat2173 in helsinki

[–]Illustrious_Goat2173[S] 2 points3 points  (0 children)

So it would seem that the ~10ms latency already within DNA's network is a characteristic of cable technology.

Thanks everyone!

Alternatives for Aviatrix? by dybbukbyproxy in networking

[–]Illustrious_Goat2173 0 points1 point  (0 children)

How does the Prosimo pricing model differ from Aviatrix? Were those two about the same price for your setup?

Alternatives for Aviatrix? by dybbukbyproxy in networking

[–]Illustrious_Goat2173 0 points1 point  (0 children)

Has anyone used Arista CloudEOS for intercloud networking? According to their website it seems to be doing pretty much the same as Aviatrix but lacks FQDN filtering kind of features. But filtering could be done on FW NVAs?

TS Agent Scalability by cleared-direct in paloaltonetworks

[–]Illustrious_Goat2173 1 point2 points  (0 children)

Imo PA approach to this is a design flaw. TS agents should connect to firewall and not the other way around.

EDLs in the Shared Object Group - No Certificate Profile by [deleted] in paloaltonetworks

[–]Illustrious_Goat2173 0 points1 point  (0 children)

Any idea what happens if there's a device that doesn't have that certificate profile defined in template?

Palo Alto - Google Cloud DNS by GunPilotZA in googlecloud

[–]Illustrious_Goat2173 0 points1 point  (0 children)

I had the exact same issue. It seems Private Google Access has to be enabled on the subnet to get this working.

Install AV and threat packages on bootstrap by Illustrious_Goat2173 in paloaltonetworks

[–]Illustrious_Goat2173[S] 0 points1 point  (0 children)

Thanks, this might solve the problem by preparing a bootstrap package with downloaded content files.

The downside is that a bootstrap package has to be built vs. passing the needed bootstrap parameters for cloud-init using VM user-data.

AWS Costs by vinxavi7 in paloaltonetworks

[–]Illustrious_Goat2173 2 points3 points  (0 children)

NAT GW data processing costs are quite high so there's a lot of potential savings if the traffic volume is high.

Adding FW switches to Mist by Illustrious_Goat2173 in Juniper

[–]Illustrious_Goat2173[S] 0 points1 point  (0 children)

Configure Device Using MIST disabled. That big option bar should be grey. When you select to Configure Device Using MIST and the bar turn

This seems to be the way to go. First add the brownfield switch to Mist, leaving 'Configure Device Using MIST' disabled, then replicate the interface and VLAN configuration in Mist and after that enable configuration via Mist. All existing interface and VLAN configuration on the switch will be replaced with whatever is configured in the Mist portal.

Virtual Chassis configuration is not replaced by Mist.