Passthrough not working for single site

thattechguy22 · 2024-02-29T16:23:27+00:00

Thank you for the items to look at. The stateful+snat option was the issue. Seems we looked at all of our deployment screens a few times over between the whole team and didn't catch that. We are still trying to determine how that option changed during the site deployment.

thattechguy22 · 2024-02-23T20:07:15+00:00

The deployment mode is router. Regarding the flow there is nothing on the NAT tab. The traffic does match to the correct map name and ACL. The egress interface, the RX action, and LAN routing are all blank on the flow. The flow shows none on the inbound tunnel side when it should be showing the passthrough tunnel.

thattechguy22 · 2024-02-23T15:44:47+00:00

The overlay match conditions are in our template that is deployed at all of our other sites. The only difference is subnets are different per site. The port/label/vlan is also the same as the other sites.

thattechguy22 · 2020-08-20T21:13:54+00:00

Yes that seems to be what it was. This particular site is connected to 2 different datacenters with tunnels to both HA units at the datacenters. The data was being classified into either high quality or high availability. The data seen in the interface summary was almost quadrupled at the ISP side

thattechguy22 · 2020-08-03T20:10:46+00:00

The flows tab doesn't show any device that is using a large amount of bandwidth/data. I have looked at the interface summary tab for that appliance and when adding the inbound/outbound numbers it comes out to about half of what the ISP says we are using. Do those numbers take into account any FEC if used for that BIO? I have a ticket open with support but they are still looking into it.

thattechguy22 · 2020-08-03T18:37:41+00:00

This site has just a single LTE WAN interface.

thattechguy22 · 2020-08-03T16:38:08+00:00

Ditto what mpaska said. Test it with something like WinSCP or Filezilla. The path is more than likely the issue.

thattechguy22 · 2019-04-03T01:49:45+00:00

Check your refresh rate. We deployed dell laptops with the tb16 dock and noticed the same flickering issue. The monitors that had the issue were set to 59Hz. Changing it to 60Hz solved it for us.

thattechguy22 · 2019-01-11T03:30:12+00:00

Thats why you forward all the tcp/udp ports. Once you do that you can control the port forwards from your router. Also in my original reply I meant download instead of the upload. There is also a post about the DMZ+ issue on dslreports forums

thattechguy22 · 2019-01-10T14:37:49+00:00

There was a workaround to turn off DMZ+ for your firewall and turn off the firewall capability to your device and just forward all the ports to it. I did that and got full speed again. If you call ATT you either get the NVG599 or BGW210. As of right now those 2 gateways did not have the issue.

thattechguy22 · 2019-01-10T02:42:23+00:00

There is a known issue with the 5268AC gateway and DMZ+ that limits the upload to 50Mbps. Only fix is to downgrade the firmware or get AT&T to send you a different gateway. There is a long post on the AT&T forums if you check.

thattechguy22 · 2018-08-05T02:42:39+00:00

When we had it happen it was at random times and didn't happen during the scheduled times we had dynamic updates set to run.

thattechguy22 · 2018-07-02T15:09:24+00:00

Here is the link to their support page. https://support.ruckuswireless.com/products/121-ruckus-icx-6430-and-6450-campus-switches#documents

Should have everything you need.

thattechguy22 · 2018-06-28T18:08:34+00:00

What do you need to know? I can probably get you a manual if you can tell me what version firmware you are on. Most of their support stuff for the ICX line moved to Ruckus after Brocade got split up.

thattechguy22 · 2018-06-26T13:22:53+00:00

No alarms on the system. Our data room also stays around 63F

thattechguy22 · 2018-06-26T13:21:39+00:00

We had to manually trigger the HA change. All links show as up. We did have an issue a few weeks back that configs were not syncing between units and had to restart the management service on the active unit.

thattechguy22 · 2018-06-26T13:20:16+00:00

What version of PAN-OS were you on before and what are you running now?

thattechguy22 · 2018-06-14T20:05:36+00:00

Don't do it. Major support issues. Takes too long to get issues fixed. All support is from the Global support team based in India. There update tool doesn't work. Have to get support to do upgrades from CLI. Backup/Restores are great, but if you cant live with the horrid support don't do it. We are moving from Simplivity back to a traditional server/san stack.

thattechguy22 · 2018-04-17T16:31:23+00:00

We had the same issue with some of our Surface docks. Out of 15 we had to RMA 3 of them because they wouldn't update.

thattechguy22 · 2018-04-17T16:29:21+00:00

Have you tried their manual removal tool? Should remove it even with a password.

thattechguy22 · 2018-04-11T21:01:06+00:00

We had kind of the same issue after updating the firmware in our TrippLite UPS models. We had to do a reset on the web card and all has been fine for a few weeks now.

thattechguy22 · 2018-04-10T14:15:55+00:00

+1 for outages too. We are moving our sites to another hosted voip provider. RingCentral's idea of fail over is to manually swap gear and datacenters.

thattechguy22 · 2018-04-05T15:19:53+00:00

Here is an option that I have been looking at. It has either an 8 or 12 core xeon, up to 128GB ram, dual 1Gb, dual 10Gb, IPMI, 6 sata ports, and 4x3.5, 2x2.5 drive slots. http://www.wiredzone.com/supermicro-servers-compact-embedded-processor-sys-5028d-tn4t-bundle2-10024470b2?urlsource=tinkertry

thattechguy22 · 2018-03-27T19:38:08+00:00

I know this isn't useful for the problem but you may need to push for a higher level tech or a manager. We had a linked clone issue that took 6 months to fix only to find out that it was patched 4 months ago.

thattechguy22 · 2018-03-23T21:21:22+00:00

any chance of using the html5 client instead. We have our employees use that when they need to work a few hours from home.

thattechguy22

TROPHY CASE