Where does the space go? A log collector is deployed with 4 1TB disk pairs. The GUI reports 3.23 TB of total space that can be allocated via quota. Various CLI commands show different values from the GUI. What is going on here? How much space do you actually have for logs?
AD Group Policy Overview
Active Directory Group Policy allows you to manage your network from on high, governing how your users and computers operate within your AD environment. Policy settings can be created to target the logged-in user or the computer, and a variety of settings can be configured, including software installation.
To apply policy settings to users and computers in your AD environment you must first configure a Group Policy Object (GPO), which resides in a special folder called “Group Policy Objects” within the AD domain. A GPO is a named collection of configured policy settings. The policy settings in the GPO aren’t enforced until the GPO is linked to an AD site, domain or organizational unit (OU).
Once the GPO is associated with one of these, the policy settings take effect for the users and computers defined within that container. If the GPO is linked at the domain level, the policy settings apply to the workstations and servers within the domain. If it is linked instead to the Marketing OU, for example, the settings apply only to computers inside that OU.
GPOs can be linked in multiple places, such as two different OUs, and a site, domain or OU can have multiple GPOs linked to it. Group Policy works from the “outside in”, first processing any local policies, then applying the site, domain and subsequent OU GPOs, working its way toward the object’s position in the AD tree. If any policy settings conflict along the way, the last setting applied wins. Policy settings applied at user logon are processed the same way, following the path to the user object’s resting place in the AD tree. AD will override policies set on the individual computer.
Group Policy is a “pull” technology. When a Windows client system starts up and is connected to the network, it pulls the policy and then polls the domain for GPO changes every 90 to 120 minutes by default. There are intervals for computer and user policy, and both have a default offset of up to 30 minutes.
GlobalProtect and GPO
The GlobalProtect client can be installed as either a computer or user policy.
Use the Computer Policy to ensure that it is installed on specific systems regardless of the user.
Use the User Policy to ensure that specific users receive the client on all systems that they use.
Create and Link the GPO
You can use the Group Policy Management MMC (Microsoft Management Console) to create and link the GPO.
Path: Active Directory Users and Computers > your domain > Properties > Group Policy
Path: Administrative Tools > Group Policy Management > Forest > Domain > your domain > Group Policy Objects
The GPO begins with no settings.
Edit the GPO and create a package
Path: Computer Configuration > Policies > Software Settings > Software Installation
Assigning the MSI:
Make sure the GlobalProtect client .msi file is in a location on your network that Windows client computers can reach.
Clients will download the file from the location selected here.
Assigned applications will be installed.
Published applications will be available to the user through the Add/Remove Programs interface.
PBF (Policy-Based Forwarding) is generally used when there are 2 ISPs or when there are 2 routes for traffic to get to the next hop. PBF takes precedence over the routing table. If PBF fails, the routing table is used to route traffic.
Traffic stops working if there is a PBF policy in place and a static route is added that points to a redundant route. Traffic also stops working if zone protection is configured with "spoofed IP address" enabled.
Traffic is dropped due to zone protection.
(active)> show counter global filter packet-filter yes delta yes
flow_dos_pf_ipspoof 2 0 drop flow dos Packets dropped: Zone protection option 'discard-ip-spoof
IP spoof protection uses the routing table to verify that traffic from a given source IP is arriving on the correct interface. With PBF enabled, traffic will be on a different interface. If the routing table points to a different interface, the device thinks the packet has been spoofed and discards it.
Disable IP spoof protection (the "spoofed IP address" zone protection option).
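The check described above can be modelled in a few lines. This is an added example, not code from the original page or from the firewall vendor: it is a simplified model of a routing-table source check, and the interface names, prefixes and packets are constructed for illustration.

```python
import ipaddress

# Constructed routing table (interface names and prefixes are hypothetical).
ROUTES = [
    ("0.0.0.0/0", "ethernet1/1"),    # default route via ISP1
    ("10.1.0.0/16", "ethernet1/3"),  # internal LAN
]

# Constructed packets: source IP and the interface each one arrived on.
PACKETS = [
    ("10.1.5.20", "ethernet1/3"),     # LAN host on the LAN interface
    ("198.51.100.7", "ethernet1/1"),  # reply returning through ISP1
    ("198.51.100.7", "ethernet1/2"),  # reply to a PBF-forwarded session, back via ISP2
    ("10.1.5.20", "ethernet1/1"),     # internal source arriving from outside
]


def route_lookup(routes, ip):
    """Longest-prefix match: interface the routing table uses to reach ip."""
    addr = ipaddress.ip_address(ip)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def spoof_check(routes, src_ip, ingress_iface):
    """Simplified model: accept only if the route back to the source
    leaves through the interface the packet arrived on."""
    expected = route_lookup(routes, src_ip)
    return "allow" if expected == ingress_iface else "drop"


def classify(routes, packets):
    """Return (src, ingress, route interface, verdict) for each packet."""
    return [(src, iface, route_lookup(routes, src), spoof_check(routes, src, iface))
            for src, iface in packets]


if __name__ == "__main__":
    for src, iface, expected, verdict in classify(ROUTES, PACKETS):
        print(f"{src:<14} in={iface:<12} route={str(expected):<12} {verdict}")
```

The third packet is legitimate return traffic for a session that PBF sent out the second ISP link, yet the check gives it the same verdict as the fourth packet, which is the kind of traffic the option is meant to catch. The routing table alone cannot tell the two apart.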