topic Re: URL Filtering - Continue Action on Terminal Server in General Topics https://live.paloaltonetworks.com/t5/general-topics/url-filtering-continue-action-on-terminal-server/m-p/14776#M10853 <HTML><HEAD></HEAD><BODY><P>Sounds odd...</P><P></P><P>If verified this sounds like a bug to me.</P><P></P><P>Using TSagent the TSagent will inform the PA device which user uses which srcport range on which srcip (terminalserver) and by that the PA device already knows and should be able to limit this continue to the particular user when userid is being used.</P><P></P><P>If one user clicks on a continue-page this "click" should only be valid for this particular user and not the whole network or for that matter the current srcip.</P><P></P><P>Another case where this can occur is if the users (for some reason) already is behind a NAT before reaching the PA device.</P></BODY></HTML> Fri, 01 Mar 2013 07:19:54 GMT mikand 2013-03-01T07:19:54Z URL Filtering - Continue Action on Terminal Server https://live.paloaltonetworks.com/t5/general-topics/url-filtering-continue-action-on-terminal-server/m-p/14775#M10852 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I have a customer who has deployed a PA-2020 with 3 Terminal Server agents at this seems to be operating well with one exception.</P><P></P><P>They have configured a URL filtering policy that has a Continue action on a number of categories.</P><P></P><P>When a standard LAN user accesses these sites, the continue operation works fine. The problem is when a user on a Terminal Server accesses something from this category, they click on Continue and not only is that user allowed but all other users on the Terminal Server are allowed access without any further prompting.</P><P></P><P>Presumably this behavior is by design as from what i have read and understand the continue action binds the IP address of the user (of which the Terminal server users are all the same).</P><P></P><P>Is there a way to implement the Continue action such that this binds to the TS user or port range rather than the IP address of the TS?</P><P></P><P>Scott </P></BODY></HTML> Fri, 01 Mar 2013 02:32:56 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-continue-action-on-terminal-server/m-p/14775#M10852 scottdoorey 2013-03-01T02:32:56Z Re: URL Filtering - Continue Action on Terminal Server https://live.paloaltonetworks.com/t5/general-topics/url-filtering-continue-action-on-terminal-server/m-p/14776#M10853 <HTML><HEAD></HEAD><BODY><P>Sounds odd...</P><P></P><P>If verified this sounds like a bug to me.</P><P></P><P>Using TSagent the TSagent will inform the PA device which user uses which srcport range on which srcip (terminalserver) and by that the PA device already knows and should be able to limit this continue to the particular user when userid is being used.</P><P></P><P>If one user clicks on a continue-page this "click" should only be valid for this particular user and not the whole network or for that matter the current srcip.</P><P></P><P>Another case where this can occur is if the users (for some reason) already is behind a NAT before reaching the PA device.</P></BODY></HTML> Fri, 01 Mar 2013 07:19:54 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-continue-action-on-terminal-server/m-p/14776#M10853 mikand 2013-03-01T07:19:54Z