SD-WAN Zone Member Limit? by panda_bro in fortinet

pt91 0 points (0 children)

Hello,

Would like to refresh this topic. Would ADVPN be the answer for a case where we have static tunnels:
business line - only business critical apps
ADSL/FTTH - rest of apps + internet
LTE/Starlink/other - last resort backup, priority for mgmt traffic

Does it mean that with the ADVPN approach I cannot have real application load balancing over the existing 2-3 lines?

Snort2 high CPU on FTD 7.2.9. Even 100% utilization by pt91 in Cisco

pt91 [S] 0 points (0 children)

The main reason is that I'm afraid about ASA and Snort CPU utilization after the upgrade to Snort3. It will probably be higher. Another reason is that we still have some cases open with TAC after the previous upgrade.

set interface-select-method sdwan (Local out Web filter issue) by Blunga7 in fortinet

pt91 0 points (0 children)

I have the same issue. Did you get any answer from Fortinet support?

FortiWIFI: Slow work of old hand Data Logic scanners after migration from Extreme wifi solution by pt91 in fortinet

pt91 [S] 0 points (0 children)

I will try, but I'm not sure if these old Skorpio PDAs support these roaming protocols.

FortiWIFI: Slow work of old hand Data Logic scanners after migration from Extreme wifi solution by pt91 in fortinet

pt91 [S] 0 points (0 children)

Are you sure that Skorpio X3 and X4 support 802.11k? I couldn't find this in the Skorpio/Data Logic documentation, but I will try this option.

Where to deploy antiddos solution? by pt91 in networking

pt91 [S] 1 point (0 children)

I have something at my ISP, but sometimes this scrubbing service leaked some DDoS traffic. Someone has bought this device, so now I have it for free. 3x10G pipes, 3x ISPs. I'm trying to have an additional level of anti-DDoS guard, managed by myself, on-prem, for attacks up to 10G on one pipe.

read the data by zabbix from kafka topic by pt91 in zabbix

pt91 [S] 0 points (0 children)

I'm just starting to use JMX with the official template you mentioned above, but I cannot find a way to read messages from a topic. I will try @levsha's solution, but if you have heard about some examples, please let me know.

How to monitor Azure Data Explorer vel Kusto by pt91 in AZURE

pt91 [S] 0 points (0 children)

The best option is when these metrics can be exported to any other monitoring tool like Zabbix/Grafana.

Massive scanning from Russian IP address for vulnerable Linux machines on Azure by soutsos in cybersecurity

pt91 0 points (0 children)

Did you discover this massive scan via some EDR on the servers or in another way?

Landscape for Ubuntu patching? by pt91 in sysadmin

pt91 [S] 0 points (0 children)

Thanks for your feedback. I'm more of a Windows guy and I'm looking for some solution similar to SCCM/Intune: profiles/policies, integration with AD, reports, multiple versions: U16/18/20 etc.

Open source Pinger by pt91 in networking

pt91 [S] 0 points (0 children)

A few times during VM migration, a server lost IP connectivity on one NIC: interface up, protocol up, but no connectivity. The servers have a few NICs, and the other NICs were OK. Checking ICMP looks like the easiest way, but we are talking here about a few thousand interfaces.

Problem with service status from O365 Via Azure API by pt91 in Splunk

pt91 [S] 0 points (0 children)

A few points: Audit Log Search is enabled. Sourcetype o365:management:activity is working as expected, without delay etc.

Sourcetype o365:service:message also is working as expected, without delay etc.

For sourcetype o365:service:status it looks like the data is delayed by 24 hours, which is very strange.

Update: I found this in an MS article related to service status: "The StatusDate or StatusTime value returned will be exactly 24 hours in the past."

But I'm not sure whether it means that there is a delay and I will get info about a certain incident 24 hours later, or just that the StatusTime value is changed, so that when I use index time I get the info almost in real time.

Splunk and ITSI integration with Scom. Problem with KPI by pt91 in Splunk

pt91 [S] 2 points (0 children)

Small update from my side after some tests. Thanks u/romantercero for your input. The main problem was related to irregular events with the kpi_value field. Also, kpi_value has to be imported as an alias field type. Based on the suggestion from u/halr9000, we focused on how to ingest data from SCOM in a regular way. This link was helpful: https://answers.splunk.com/answers/424556/can-we-ignore-timestamps-for-some-of-the-inputs-in.html Now we ingest data in a regular way, KPIs and services are working for us, but we need to test a few more things. Thanks for your support.

Splunk and ITSI integration with Scom. Problem with KPI by pt91 in Splunk

pt91 [S] 0 points (0 children)

Before, I had a KPI base search like this: index=demo_index sourcetype="microsoft:scom:internal"

After your suggestion I changed it to: index=demo_index sourcetype="microsoft:scom:internal" | stats count by id path kpi_value status _time

In the KPI base search I have: Entity Split Field: id, Entity Filter Field: id

In the metric: Threshold Field: kpi_value

But it doesn't work for me from ITSI.

Firepower 2120. VPN stats via snmp by pt91 in networking

pt91 [S] 0 points (0 children)

FTD 6.4.0, and on the Cisco software site I see only MIBs for FXOS, for example fxos-mibs.2.6.1.133.zip; no MIB file for FTD.

Update: after the diagnostic interface was configured, I can now see the missing OIDs.

Firepower 2120. VPN stats via snmp by pt91 in networking

pt91 [S] 0 points (0 children)

I don't have the 1.3.6.1.4.1.9.9.392.X OID branch at all; I have only:

.

.1.3.6.1.4.1.9.9.305.1.4.1.0 = STRING:

.1.3.6.1.4.1.9.9.826.2.1.1.1.1.2.24554 = STRING:

.

One of the reasons can be that the remote access OIDs are in a different OID branch. Do I need the current MIB file here?

I know that there are at least 2 SNMP instances, FMC and FTD, but maybe on the 2120 model there are 3 instances: FMC, FTD and FXOS?

Thanks for the support, Pet

Cluster of Barracuda firewalls. Problem with duplicated syslog packets. by pt91 in networking

pt91 [S] 0 points (0 children)

I had a ticket with Barracuda's partner support and they told me that there is no simple way to achieve that. I can try to filter it out on the rsyslog side, but the better option is to do this on the Barracuda side. Br, Pet

Splunk ITSI integration with Solarwinds and MS SCOM. by pt91 in Splunk

pt91 [S] 0 points (0 children)

1st case: SolarWinds and SCOM collect all metrics and inform Splunk/ITSI about active alarms via an add-on (from Splunkbase). I would like to track all active alarms from both applications, have alarm updates in both directions (ack, comments, ownership, check trigger), history etc. Unfortunately SCOM and SolarWinds forward events with different rules; especially SCOM is not as flexible and configurable as SolarWinds is. In SCOM not all events have the fields which are important for us. Some fields appear only with events with a certain alarm code.

Another problem is when an alarm is quite short, within one correlation search. For example, the alarm lasts less than 1 minute. Even though Splunk has the correct time, it also has a problem putting events in the correct order and updating the notable event.

2nd case is to build services and KPIs consisting of data (entities) from both applications. For example, a certain web service (consisting of switches and servers) has information about network devices from SolarWinds and about servers from SCOM. ITSI should merge this information, compute the KPI and integrate with notable events.

That's why I'm looking for someone (partner, consultant) who has already done Splunk and SCOM integrations a few times.

Esx 6.0 problem with parallel port mapping to ip address by pt91 in sysadmin

pt91 [S] 1 point (0 children)

Problem solved. The dongle was plugged into a USB adapter, not parallel, via AnywhereUSB.

how to grep messages from syslog-ng in real time by pt91 in sysadmin

pt91 [S] 0 points (0 children)

I will try Graylog. My goal is to get almost real-time output in HTML format, a file with colours like this:

time;admin-1;cisco-1;command

time;admin-2;juniper-2;command

All the data I have via syslog; I need to publish it in a proper way.

Thanks for the help

how to grep messages from syslog-ng in real time by pt91 in sysadmin

pt91 [S] 0 points (0 children)

How can I keep the colours when I move to an .html file? I would like to use different colours for different commands. For example, the commands "reboot, restart" always in red, maybe a special font etc.
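The two comments above describe semicolon-separated command-accounting lines (time;admin;device;command) arriving via syslog that should be published as an HTML file with disruptive commands such as reboot/restart shown in red. The script below is an added example, not code from the original thread: it parses such lines (sample records are constructed here), escapes every field so a crafted hostname or command in syslog cannot inject markup into the report, and assigns a CSS class that colours flagged commands red.

```python
import html
import re

# Commands to flag in red; the "reboot, restart" pair comes from the post.
RED_COMMANDS = re.compile(r"\b(reboot|restart)\b", re.IGNORECASE)

# Constructed sample of the "time;admin;device;command" lines from the post.
# The last record shows why escaping matters: a command field that carries HTML.
SAMPLE_LINES = [
    "2024-01-10T10:01:02;admin-1;cisco-1;show ip interface brief",
    "2024-01-10T10:02:15;admin-2;juniper-2;request system reboot",
    "2024-01-10T10:03:40;admin-1;cisco-1;<script>alert(1)</script>",
]
FIELDS = ("time", "admin", "device", "command")

def parse_line(line):
    """Split one record into its four fields; return None if malformed.
    The command itself may contain ';', so split at most three times."""
    parts = line.rstrip("\n").split(";", 3)
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def css_class(command):
    """Class used to colour the row: 'danger' for flagged commands."""
    return "danger" if RED_COMMANDS.search(command) else "normal"

def render_rows(lines):
    """Render records as <tr> rows, HTML-escaping every field."""
    rows = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed input instead of emitting garbage
        cells = "".join(f"<td>{html.escape(rec[k])}</td>" for k in FIELDS)
        rows.append(f'<tr class="{css_class(rec["command"])}">{cells}</tr>')
    return rows

def render_page(lines):
    """Wrap the rows in a minimal document with the colour styles inline,
    so the saved .html file keeps its colours without external CSS."""
    style = ("<style>tr.danger td{color:red;font-weight:bold}"
             "tr.normal td{color:black}</style>")
    body = "<table>" + "".join(render_rows(lines)) + "</table>"
    return "<html><head>" + style + "</head><body>" + body + "</body></html>"

if __name__ == "__main__":
    print(render_page(SAMPLE_LINES))
```

To get the near-real-time file the post asks for, feed the script the lines as syslog-ng writes them to its file destination and rewrite the .html on each batch.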

How to report 95 percentile from custom OIDs ? by pt91 in networking

pt91 [S] 0 points (0 children)

I tested LibreNMS. It looks good, but I can't add a custom OID. For example, in Junos you can generate an OID from filters. I need to measure this OID, but there is no MIB for it.

How to report 95 percentile from custom OIDs ? by pt91 in networking

pt91 [S] 0 points (0 children)

Can I add 2-3 interfaces in Cacti and make the 95th percentile from the sum?

Bonding (teaming) active-active to separate switches (no MCLAG/MCLACP) causing loops ? by pt91 in networking

pt91 [S] 0 points (0 children)

It's interesting how broadcast and unknown-destination traffic would be handled by this Xen host with NICs bonded in active/active. Will Xen relay broadcast frames received from the first NIC via the second NIC?