

Hello, good afternoon, as always thanks for the collaboration, the good vibes and your time.

I have a question regarding a particular VPN Site to Site issue. I have two tunnels, IPsec Primary and Secondary. Through both tunnels the network 172.22.0.0/24 is reached. We currently have two routes, a floating route, i.e. the main route with a path monitoring, and the other route, which in case of a failure condition, takes the route out of the FIB and enters the route with the next metric. This operates correctly, without problems.

1.- If I wanted to use the two tunnels simultaneously, i.e. example could be that some networks go through a tunnel and other networks go through the other secondary tunnel or that all go against a tunnel and against another, type round robin. I understand for this I should use, from the AP side, active ECMP, with the routes of the tunnel interfaces with the same metric. I understand that for my side to adjust and use ECMP, but what happens from the other end, if it is a Palo Alto or any other vendor, the other end should also have something like ECMP so that also the other end can return and/or send the traffic through both tunnels, right?

I have not been able to get TLS syslog forwarding to work and am looking for recommendations.

key certificate from an external CA (IdM). I modified the private key to have a passphrase (ssl rsa -aes 256 -in fw.key -out fwp.key). I can import the public/private key without issue and assign it as a certificate for Secure syslog in the firewall. I also imported the IdM CA certificate into the PA and listed it as a Trusted Root CA. The PA log settings and Server profiles are created and I can see the traffic being sent to the syslog server but I have a GnuTLS handshake error on the syslog server side. The syslog server is using TCP/514 and the PA FW Syslog server profile is configured for transport SSL/514 and log format IETF as outlined here:

The PA side I get a "certificate verification failure error". I have also used different variations on the PA syslog server profile such as TCP/514 and BSD log format.

Syslog server: RHEL 8.7 using rsyslog version 8.8

Do I need to configure a certificate profile or OCSP responder on the PA to get TLS syslog working?
