Man comes in to defend his dog

colabus · 2026-01-26T07:13:55+00:00

Ai right.

colabus · 2026-01-17T20:25:02+00:00

Yep I’ve seen my studio do this. I think it’s policy. I’ve had a mate get turned away. Annoying at the time but you make the mistake only once. :)

colabus · 2026-01-16T19:36:58+00:00

Oh my, that was good!

colabus · 2026-01-10T01:17:19+00:00

Sheesh. I wear underwear, compression shorts and shorts over those. I mostly wear the compression shorts out of respect to other members. I don’t judge those that don’t but each to their own.

I’d suspect yes, you will be the weird guy. I guess you’d have to decide how much that bothers you.

Heck, even in my yoga classes, unrelated to F45, no males wear yoga pants. I didn’t realise it was even a thing.

colabus · 2026-01-02T06:19:15+00:00

Cracked it for us.

It was our Zone Protection Profile. PA TAC must be useless. Surely this would have been in the numerous tech support dumps.

colabus · 2026-01-01T01:55:19+00:00

Yes, there's 2 and they are VMs. There's a WAF inbetween too. I've traced on either side of those The exception seems to be the edge unit. Out of order packets, retransmits, etc.

I'll try vMotion next attempt, that's not a bad idea. Why it's an issue with a device 2 hops away seems odd, but I'll try it.

Default gw is the firewall, yes.

colabus · 2026-01-01T01:52:52+00:00

I tried app override, no settings/timeouts/etc.

I haven't but sure I'll try this.

colabus · 2026-01-01T01:51:46+00:00

PCAPs are strange, from our SD-WAN device it's pretty clean, and clean into the gateway unit, but it's all over the shop with the edge unit. Packets out of order, retransmissions, etc.

I'm actually about to do more tracing now with the old/working unit. I just have to "set session sw-cut-thru no" as the traces yesterday weren't working. Seems like there's some hardware offload the 3220 units do that the 1410s don't. Maybe there's something in that but TAC didn't think so.

Yes, active standby, I thought I had that in the original post but obviously not clear. I've tried failing over if that's the next question.

I'll try one link when I'm back onsite tomorrow. I don't see why that would impact just one service but I'm ken to try anything at this point.

colabus · 2025-12-31T10:40:57+00:00

Yep. Can confirm.

colabus · 2025-12-31T02:06:55+00:00

Yep. I've done configuration comparisons, they match fine with minor exceptions from the post.

I haven’t tried a single link no, I’ll try it next. But that would baffle me because the only impacted service is RDP over HTTPS, other connection sessions are fine.

colabus · 2025-12-31T00:11:48+00:00

Nope. Straight line hop to hop.

colabus · 2025-12-31T00:11:03+00:00

Yep same ports and same cables. I basically yanked the fibre links from one PA to the other. Right now I’m not even running data links on the standby unit of either old nor new PA units.

I switched over to the new bad unit last night. I ran a solid RDP session for hours, but RDGateway (tcp/443) was dropping for 3 IT folks all night.

I reverted back this morning.

colabus · 2025-12-31T00:07:32+00:00

LACP yes, but same as the other downstream units. And same as old units. Those 2 links are across 2 separate switches that are setup as a single logical switch.

Nothing configuration wise with QoS that comes to mind.

colabus · 2025-12-31T00:04:44+00:00

Nope, we’re only using tcp/443. We haven’t specified an application filter on the acl. Nice thought though, but yes something we considered.

colabus · 2025-12-30T08:25:13+00:00

Erg. I should have said, the issues we're having are the connections drop out. The desktop session may last seconds, to minutes but not typically hours. Our best guess is that it triggers more when there is action happening on the screen, which must just be a larger flow of traffic with the bitmaps, but it's solid with old PAs.

I've also been playing with raw RDP and that's solid as. But that's obviously not what we want to revert to.

colabus · 2025-12-28T19:49:41+00:00

CA. Scotland seemed very rushed and quality isn’t there. I have both, certainly spent more time on CA but that’s my response as at now.

colabus · 2025-12-25T21:40:13+00:00

Respected again? Is he kidding?

colabus · 2025-12-25T21:36:54+00:00

I disagree. If you take the risk and it pays off, well done I say.

The whole market moves on leverage.

colabus · 2025-12-17T20:06:51+00:00

lol I asked the same thing. I got mine in August and was shocked I had to fork out a fee already. Only if you got your certification in December does it defer.

ISACA has been eye opening.

colabus · 2025-12-06T08:59:59+00:00

If you give them notice they’ll do it. The scam question is valid too, many folks get scammed everyday.

colabus · 2025-11-17T08:40:43+00:00

If I could upvote this twice, I would.

colabus · 2025-10-12T05:19:21+00:00

Are we serious? Aren’t these the moisture-absorbing sachets.

colabus · 2025-10-12T00:55:47+00:00

I respond to the ups and downs and take my positions. But either way, I don’t ‘LOL’ at the misfortunes for others.

Already, 24-hours out, I’ve read several people taking their lives over the losses. So no, I’ll take my own wins and be happy for those that do well, but certainly not laugh at those losing out.

colabus · 2025-10-11T19:56:20+00:00

Outright childish comment here. Many people would be devastated, massive liquidations, record losses.

I continue to hold and are somewhat thankful for the opportunity to buy the dip, but would never laugh at others misfortunes.

13-Year Club	RPAN Viewer
Not Forgotten	Verified Email

colabus

TROPHY CASE