I've seen this a lot with server hello+cert, as they are the first full-sized packets you'll see. If you see that, it's possible those users have an MTU limitation with their ISP.

If the client isn't receiving the server hello, I would expect to see dup acks from the client.

No particular setup, but with a gateway or portal hosted on another firewall it works perfectly (both GP and Wireshark), so I doubt Wireshark is to blame here. I chose the Loopback interface, but maybe the right thing to do is to take the physical interface, which in my case may be a problem because there are several (2 interfaces with IP ECMP) and we can only have 4 filters at the same time, so I am not sure I can sniff both interfaces in both ways at the same time.

Are you sure your Wireshark is set up for TLS properly? I've seen a lot of engineers have problems with seeing server hello/cert due to reassembly options.

My problem I think is more with the interface to pick.

(gp portal > end user, end user > gp portal) Always best to capture at receive, transmit and drop for this kind of issue, then just filter the 2 public IPs each way.

At which capture stages did you run the pcap? You need to set a capture file for the transmit stage to see packets sent.