Fuel Workshop - Register Now: Advanced Data Plane Troubleshooting

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Team Member

Title_Fuel-Workshop-Adv-Data-Plane_palo-alto-networks.jpg

 

Register Now for Fuel Workshop: Advanced Data Plane Troubleshooting

 

 

Join us for an exclusive Fuel workshop on Advanced Data Plane Troubleshooting for Palo Alto Networks practitioners, hosted by Arun Sharma, Senior Technical Support Engineer. Scheduled for 2:00 PM Singapore (GMT+8), this hands-on session will focus on identifying and resolving common data plane issues in NGFWs.

 

Who Should Attend?

Engineers and administrators responsible for maintaining NGFW performance.

 

Why Attend?

  • Learn practical troubleshooting methods
  • Get expert insights from Arun Sharma
  • Access event recording and presentation materials post-event

 

About the Guest Speaker

Arun Sharma is a Senior Technical Support Engineer with Palo Alto Networks and has been working with them for three and a half years now. Arun is based out of Singapore with product specializations in Strata, Remote Access, and ID Management.

 

Don’t Miss Out!

Register now to secure your spot, and if you can’t attend live, the session will be recorded and shared on LIVEcommunity’s YouTube channel.

 

Register now!

1 Comment
L0 Member

The question below was asked during the session:

Is there a CLI command to see how much time remains before an auth policy times out?

I have not found any commands so far so you would have to rely on the time stamp in the system logs for authentication.

 

I did find the following command if you want to test authentication policies.
############################################

1) Create single timestamp for testing authentication policy with authentication profile containing no additional factors

admin@VM50-12> debug user-id test cp-login factor-timestamp-1 1604455858 ip-address 192.168.55.200
user thestreet\baggins
admin@VM50-12> show user ip-user-mapping ip 192.168.55.200
IP address: 192.168.55.200 (vsys1)
User: thestreet\baggins
From: CP
Idle Timeout: 2673s
Max. TTL: 3573s
MFA Timestamp: first(1) - 2020/11/03 19:12:19
Group(s): thestreet\baggins(3)
cn=thestreetgroupmappingtestgrp1,cn=users,dc=thestreet,dc=com(2147483652)


2) Create timestamp for testing authentication policy with authentication profile containing additional factors

admin@VM50-12> debug user-id test cp-login factor-timestamp-1 1604117093 factor-id-1 1003
factor-timestamp-2 1604117093 factor-id-2 1002 ip-address 192.168.55.200 user thestreet\baggins
admin@VM50-12> show user ip-user-mapping ip 192.168.55.200
IP address: 192.168.55.200 (vsys1)
User: thestreet\baggins
From: CP
Idle Timeout: 2696s
Max. TTL: 3596s
MFA Timestamp: first(1) - 2020/10/30 10:26:03
ping-identity-v1(1002) - 2020/10/30 22:04:53
okta-adaptive-v1(1003) - 2020/10/30 22:04:53
Group(s): thestreet\baggins(3)
cn=thestreetgroupmappingtestgrp1,cn=users,dc=thestreet,dc=com(2147483652)

############################################

 

Factor Identification
● Duo-security-v2 = 1001
● Ping-identity-v1 = 1002
● Okta-adaptive-v1 = 1003
● Rsa-secureid-access--v1 = 1004

Factor Timestamps

Thetimestamps must be configured in an Epoch Format

  • 652 Views
  • 1 comments
  • 0 Likes
Register or Sign-in
Labels
Top Liked Authors