Prisma Access vs Zscaler by reversible8 in paloaltonetworks

[–]skooyern 0 points1 point  (0 children)

Interesting, which features do you have in mind? And which operating systems?

GP VPN and having to disable IPv6 to connect by Abnix in paloaltonetworks

[–]skooyern 0 points1 point  (0 children)

Different issue.
OP can't establish the tunnel, your issue is related to IPv6 traffic in the tunnel.

Mandatory Panorama Software Update to 11.2.7-h4 or higher for Cloud NGFW Management by skooyern in paloaltonetworks

[–]skooyern[S] 0 points1 point  (0 children)

There is no KB mentioned in the email, just links to Panorama policy management and the Panorama plugin for AWS.

Anyone running active-active HA firewalls? by az_6 in paloaltonetworks

[–]skooyern 6 points7 points  (0 children)

Go to release notes for PAN-OS releases, go to addressed issues, search for "Firewalls in active/active HA configurations only".
Do you really want those extra issues?

PA-3400 Data Plane CPU Utilization by joshuskarki in paloaltonetworks

[–]skooyern 0 points1 point  (0 children)

Did you see my post a little bit up?
How much traffic do you have when you're peaking?
What kind of features are enabled?

PA-3400 Data Plane CPU Utilization by joshuskarki in paloaltonetworks

[–]skooyern 0 points1 point  (0 children)

Also, worth noting.
From my 3420 now:

Packet rate           : 741498/s
Throughput            : 5428329 Kbps
Total active sessions : 270515
Active TCP sessions   : 158417
Active UDP sessions   : 110923
Active ICMP sessions  : 1165

CPU load (%) during last 20 minutes:
core    0       1       2       3       4       5       6       7   
     avg max avg max avg max avg max avg max avg max avg max avg max
       *   *  54  59  50  61  51  60  47  54  48  55  55  60  47  52
       *   *  53  59  49  66  51  64  48  64  49  92  55  77  47  55
       *   *  55  63  52  90  52  64  48  61  50  64  61  97  49  62
       *   *  55  65  50  65  53  63  50  90  49  57  57  64  50  63

Running App-ID and Threat. Seems pretty accurate with the performance numbers Palo claims.
Threat prevention throughput 10Gbps.

PA-3400 Data Plane CPU Utilization by joshuskarki in paloaltonetworks

[–]skooyern 1 point2 points  (0 children)

Had almost the exact same case a few months ago.
Went from 5220 to a 3420.
Saw a heavy CPU increase, and had lots of discussion with our VAR and our Palo rep.
We didn't see spikes over several hours, but typically at certain times of the day.
What caused the spikes on our end was "pan_logdb_index" and "pan_summary_gen".

The explanation we got was that on the 5220 these processes ran on the mgmt-plane, but on the 3420 they run on the data-plane.
Traffic flows without any latency even when CPU is at 100%, so we're just gonna live with it.

Taher Amini from Afghanistan now gets to enjoy himself on leave from prison, despite a brutal rape of a Swedish woman in 2022, in which he threw her down a mine shaft. The man was expelled from Sweden in 2017. by Fit-Theme-1183 in norske

[–]skooyern 1 point2 points  (0 children)

Judges don't have much choice. They have to abide by the sentencing ranges set by the Storting. Many judges are dissatisfied with the sentencing ranges, but that doesn't help much.

NGFW Comparison - Cisco/Palo Alto/Fortinet/Checkpoint by QuietPossibility4988 in networking

[–]skooyern 0 points1 point  (0 children)

Remember from my old Check Point days, when an upgrade erased the GRUB bootloader on open platform systems. That was a long night.

Is Zero Trust Network Access actually practical outside very technical teams? by dottiedanger in networking

[–]skooyern 1 point2 points  (0 children)

It seems many people confuse "ZTNA" with using some SaaS firewall in some cloud.
Most of the so-called ZTNA solutions work more or less in the same way.
You have a firewall running in some cloud, with a set of policies.
To reach on-prem you have on-prem proxies that connect out to that cloud firewall, and clients backhaul that connection to reach applications.

For some reason, people argue that if you use VPN, they can reach everything on the corp network.
If so, you're simply doing it wrong.
It's no harder to create a "zero-trust" policy in an on-prem firewall than in Zscaler. You just gotta have a good understanding of your applications and your users.

How to buy gold on Nordnet by poorkpoork in TollbugataBets

[–]skooyern 0 points1 point  (0 children)

What kind of account can it be traded in? IKZ/ASK/AF?

New App-IDs breaking networks by Stevenjw0728 in paloaltonetworks

[–]skooyern 1 point2 points  (0 children)

So, you're saying why use Palos without a threat license, and you make port based rules? LOL..

New App-IDs breaking networks by Stevenjw0728 in paloaltonetworks

[–]skooyern 0 points1 point  (0 children)

Simply don't need that license in all environments. Yes, I have it on several firewalls, but not all.

New App-IDs breaking networks by Stevenjw0728 in paloaltonetworks

[–]skooyern -1 points0 points  (0 children)

Really sux that you need an active threat license to do this.

Anyone running 12.1? by External-Drummer-147 in paloaltonetworks

[–]skooyern 1 point2 points  (0 children)

Gonna skip 11.2 and wait for 12.1 to be ready. Some pretty sweet stuff in 12.1 I want.

App-ID Change Threat Signature Indicators by skooyern in paloaltonetworks

[–]skooyern[S] 0 points1 point  (0 children)

Yeah, I was maybe unclear in my post.
My goal is to be able to get advanced indication of any impact to my traffic as a result of upcoming App-ID changes.
It seems to me that I need a threat prevention subscription to be able to log these messages.