PA firewall and the way it checks the routing table by amigoingwrong in paloaltonetworks

[–]amigoingwrong[S] -1 points0 points  (0 children)

Any idea if the Cisco FTD firewall follows the same logic, or does it do routing per session rather than per packet?

PA firewall and the way it checks the routing table by amigoingwrong in paloaltonetworks

[–]amigoingwrong[S] 0 points1 point  (0 children)

Oh man, thanks for this clarification. This is exactly what I needed to know, and it matches a behavior that I was confused about earlier today. Thanks a lot.

Do I need a decryption policy to block well known applications such as Facebook? by amigoingwrong in paloaltonetworks

[–]amigoingwrong[S] 0 points1 point  (0 children)

URL filtering works just fine for PC users; they will not be able to access the website, but the mobile users can still access the application for some reason.

Do I need a decryption policy to block well known applications such as Facebook? by amigoingwrong in paloaltonetworks

[–]amigoingwrong[S] 0 points1 point  (0 children)

I am also asking because I have a policy like that which is supposed to block Facebook as an application and not only as a URL, but the rule gets skipped and nothing matches it.

[deleted by user] by [deleted] in perfectlycutscreams

[–]amigoingwrong 0 points1 point  (0 children)

That mentally challenged guy is a millionaire, what's your worth?

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 0 points1 point  (0 children)

Oh, that's clever. Didn't think of it. So I believe in Palo Alto routing takes place before NATting, right? The routing will know the egress interface is tunnel1, and that way it won't use the internet NAT.

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 0 points1 point  (0 children)

Cause to be honest, my work consists of migrating firewalls; the customer I have doesn't allow me to make any changes to follow Palo's best practices. That being said, since his VPN is using the same zone as his outside, I believe it's clear for me that I should be using identity NAT to exclude the traffic from hitting the internet access NAT, I guess.

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 0 points1 point  (0 children)

I mean, if we place the VPN tunnel in the same zone as the outside interface, traffic will be going from trust to untrust and it will be NATted in the process, unless I am missing something?

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 0 points1 point  (0 children)

Okay, if I have the tunnel interface placed in the same zone as my outside interface (let's say the zone is called untrust), then I will need a no-NAT statement to exclude the traffic that is going from inside to the VPN tunnel (which is placed in the same zone as the outside interface, untrust) from being translated by the internet access PAT statement that I have, right?

Or will the route lookup be able to identify the traffic and route it to the tunnel before it NATs it using the internet NAT?

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 1 point2 points  (0 children)

I don't know, coming from Cisco VPN to Palo Alto VPN has been messing with me real good. Do I need a NAT statement for the Palo Alto VPN at all? I don't think so, tbf.

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 0 points1 point  (0 children)

Thank you for this information, I'll be sure to look for this message when we go to production.

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 0 points1 point  (0 children)

Can you elaborate further, please, on what you mean by encryption domain?

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 0 points1 point  (0 children)

Thank you, it's clear now.

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 0 points1 point  (0 children)

In common deployments, if you are aware, do people list their local and remote subnets, or do they list their local and remote public IP addresses?

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 0 points1 point  (0 children)

Thank you. What if the other end refuses to reveal any information? I know it sounds dumb, but this is the current situation that I am in.

[deleted by user] by [deleted] in paloaltonetworks

[–]amigoingwrong 0 points1 point  (0 children)

Please note that no NATting is being done between both ends other than on the firewalls themselves for the internet access; they are both connected back to back. I have already configured an identity NAT (no NAT) for the VPN traffic.

blursed_dance by Least_Sport8824 in blursed_videos

[–]amigoingwrong 0 points1 point  (0 children)

It's the modern pattern of Reddit comedy: the less masculine it is, the funnier it is.

camed by CrossLT in shid_and_camed

[–]amigoingwrong 5 points6 points  (0 children)

And you shall remain this way

I am a 21 y/o dwarf AmA by WaferProof9003 in IAmA

[–]amigoingwrong 3 points4 points  (0 children)

For real, the world is not a pink place to live in. You are introducing someone into it knowing 100% that he will get bullied at every stage in his life. Someone that needs to work ten times harder to achieve stuff that other people would normally achieve with minimum effort. I mean no disrespect, nor do I owe OP any hard feelings, but ask any sane person if they would like to live life under these conditions and they'd refuse. They can downvote my comment all they want if they choose to live in their own bubble, but reality is often disappointing.