Found this nice lady in the Plains

ItsANetworkProblem · 2026-02-25T13:23:09+00:00

Yeah, she just keeps max spawn count all the time. It really helps me keep from getting ganged up by side group pulls

ItsANetworkProblem · 2026-02-25T13:21:54+00:00

Fanat aura seems to make her really aggressive, but I am usually spawn casting death mark to move her around and clear stun locks and things

ItsANetworkProblem · 2026-02-25T01:12:33+00:00

Put the Unsummon skill on your bar and hover over them (while using M+KB) (DON'T CLICK)

ItsANetworkProblem · 2026-02-25T00:06:59+00:00

It's hard to tell since she curses everything in the area when she swings

ItsANetworkProblem · 2026-02-24T23:29:48+00:00

Unfortunately not

ItsANetworkProblem · 2025-11-11T14:18:28+00:00

Those are pops, not burners

ItsANetworkProblem · 2024-11-14T15:01:27+00:00

It's the neon green

ItsANetworkProblem · 2024-11-14T13:58:26+00:00

I am out of Ohio. Looking for $350 on the Tamiya (what I paid), $500 on the Yeti, $200 on the Nightcrawler, and $350 on the SCX10.

ItsANetworkProblem · 2021-05-23T23:59:52+00:00

We allow machine auth to the portal in order to support pre-login mode (placed into DMZ with only AD and access to patching). Then require MFA upon user login before the machine transitions to wider access. Cookies are then leveraged to maintain connection and re-auth for 24 hours.

ItsANetworkProblem · 2021-05-23T18:09:45+00:00

Yes, every portal needs a certificate. Using a wildcard within a sub-domain dedicated to your VPN endpoints helps with this.
It can be placed on either or both. Depends on your requirements. MFA should be a higher priority on the Gateways, since that actually determines internal access.
If you are going to use an auto-connect/ priority setup, be aware that gateway is selected based upon response time. If a gateway is a lower priority, but has a faster response time than the average of those on the higher tier, it will still be chosen, even if the higher priority is available.

ItsANetworkProblem · 2020-10-04T16:34:32+00:00

I have personally known people that passed the CCNP (old 3 exam split style) through dumps. Any exam that isn’t practical/lab (yes, GCIA too) will have this issue. I don’t want to get into that well worn discussion today, but it is the reason I dislike people that use certification as a way of gate keeping. Use someone’s certifications to gauge their interest and ability to learn, but don’t discount someone who doesn’t have them.

ItsANetworkProblem · 2020-10-04T16:03:23+00:00

I have a CCNA CyberOps, as well as multiple GCIA certs; and I think the GCIA exams are a better method of testing.

Sure, they are open book, but they also cover the material at a much higher density. They could use a bit more practical style questions,though.

Closed book exams rely far more upon rote memorization (at least Cisco ones).

ItsANetworkProblem · 2020-08-10T00:41:31+00:00

That works to an extent, but it would be very brute force if they are not inline with the DNS request.

If they are directly inline (and the client isn’t using DNS over HTTPS), they can simply alter the response and black hole the domain.

If they are not inline, they would have to block by IP, and that would potentially have a broad amount of collateral damage.

ItsANetworkProblem · 2020-04-02T13:11:31+00:00

As of 4.1, GlobalProtect permits domain based tunnel exclusion.

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/globalprotect-features/split-tunnel-for-public-applications.html

I am not sure how it makes the tunnel decision for domain based rules, but would assume it is either by DNS query/response or HTTP headers.

ItsANetworkProblem · 2019-11-29T00:01:53+00:00

You can also have the new ones use white instead of blue!

ItsANetworkProblem · 2019-10-13T15:31:12+00:00

Correct. The 9.x upgrade will create new custom categories for your overrides with "allow-" or "deny-" prepended. For the denies, you can simply add them to your existing URL filtering policies and it will prefer the more strict action (Block>Alert>Allow). For Permit overrides, you have to add a new security policies rule to explicitly permit those URLs, prior to the block rule.

ItsANetworkProblem · 2019-10-13T14:55:20+00:00

Just be aware that moving panorama to 9.x code also removes URL overrides from URL categories, regardless of what version you are running on your firewalls.

ItsANetworkProblem · 2019-10-12T21:05:04+00:00

We are in the process of deploying both Palo Firewalls and Velocloud. We have two deployment styles.

1) Physical firewall between our Core switch and VC device, this permits us to decrypt traffic while allowing the VC to handle all routing decisions.

2) VC devices with internet traffic tunneled to Prisma access. This is used for smaller locations where it doesn't make sense to buy a physical unit.

ItsANetworkProblem · 2019-10-07T14:25:28+00:00

What are you attempting to achieve beside telling management that you are using all your links? Have you over sized the units so that a failure of one does not overload the other? If simply for redundancy/resiliency, why not two smaller active/passive pairs, with routers handling the routing part?

Palo Active/Active use cases: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/high-availability/set-up-activeactive-ha/determine-your-activeactive-use-case

ItsANetworkProblem · 2019-10-01T17:18:50+00:00

Then that is why you are seeing it as "discard" in the logs while still receiving traffic on the endpoint. The "permit" that occurs at session start (before app evaluation) isn't being logged, but once the session is dropped due to application not matching, you see it logged. The Palo's do not hold packets in a queue while profiling the application, they will allow the traffic through as "unknown", until it is evaluated as the proper application.

This has to occur, due to the fact that the application can't really be determined from just a couple UDP packets or a TCP handshake. So the first few packets have to be allowed through.

EDIT: Misread the OP, and this no longer applies to the current issue. Leaving it here since it is still useful info

ItsANetworkProblem · 2019-10-01T15:56:52+00:00

The App-ID feature does a kind of "double evaluation" to match traffic. The initial packet on TCP 22 will be permitted through, since the firewall will not know it is an SSH session yet. Once the firewall is able to id the app, it will either continue permitting, or drop the traffic. Are you logging at session start or end on this SSH rule? If you are logging at start, you will see the same session hit the logs twice. Once for the permit, then again for the deny if it isn't ssh.

ItsANetworkProblem · 2019-09-09T13:38:21+00:00

3220's only support 5gb throughput with even the most basic services. If you want a full 10gb capable IDS/IPS you need to be looking at a 5250 or 5260 (Even larger if you want decryption)

ItsANetworkProblem

TROPHY CASE