Does Global Protect maintain a list of MS patches or does it only look for the patches that you list in the HIP object? If it does maintain a list were can you see the list?
I have the Following Scenario on a PA-200 [ISP1]Zone = UntrustEth1/1 = 192.168.7.110/24Modem GW = 192.168.7.1/24 [ISP2]Zone= UntrustEth1/2 = 192.168.5.110/24Modem GW = 192.168.5.1/24 [Local LAN]Zone=TrustEth1/3 = 10.1.1.1/24Running DNS-Proxy and DHCP for Eth1/3 In the Default VREnabled ECMP0/0 to 192.168.7.1 [ ISP1 ]0/0 to 192.168.5.1 [ ISP2 ]Su...
Hi there, I'm trying to filter the rules via subnet. Is this possible ? I've tried copying (addr in '10.10.10.0/24') from a working log filter search and that doesn't seem to work. There's no filter builder like the log search box so i can just use that to figure this out. This is not very intuative. is it even possible to filter rules by Sub...
Hi Guys. Good day!I would like to know that what is the benifit of target tab on Panorama. For eg. I create a shared policy. Now I push it to firewalls I choose using device group while commit. Now I create shared policy and choose target (never done it). Do I need to commit on device group than?What will happen if I commit on all devices but...
Hello, I must configure a simultaneous access VPN client to site for 60 users on the PA-200. But this firewall support only 25 tunnels vpn (datasheet PA-200). It's possible to have an extension of the number of vpn tunnel on the PA-200?
Hello I have two groups in Application Groups, every one has over 60 applications on lists. I need to recreate the same settings on another PA device - how to do it? RegardsSlawek
Hi All, In a security policy, if I allow Application "ipsec" with service as "application-default" then will the firewall also allow- ipsec-esp- ipsec-esp-udp- ipsec-ah- ike ? If you see applipedia, and if you search "ipsec" then you see the above mentioned 4 applications as sub-types of the application "ipsec". Hence the question. Same is also ...
We recently installed a new 300/300 circuit and MIS router at my workplace. No IPs have been changed, but since the upgrade we cannot ping internet addresses, and our latency and speed results from speedtest.net are horrific (like 1000+ and less than 1/1 at times.) Strangley, the network isn't crippled, but it should be performing faster than ...
I ran across this setting this morning- when setting up a NAT rule, you can specify a service or service group. Cool, but is there a reason to do that when a policy is necessary to open a service port?
Hi There, I have installed Minemeld on my Ubuntu Server 14.04.. And the service is up and running.. Wheneve I use the default Username and Password to logon to the console, it gives me an error "Error Checking credentials - gateway timed out".. I have also checked the file opt/minemeld/log/minemeld-web.log for errors ? but could not find ...
My HA is not in sync because I am getting above error message. Are there like basic troublehsooting steps/docs which I can do?
Hello, I am new to this forum so please bear with me. I would like to use debug log feature on my PA VM. I am able to turn the logging on with the following commands:debug dataplane packet-diag set logdebug dataplane packet-diag set log feature flow basic But I am unable to localize the pan_packet_diag.log file to view the logs. dp0-log does not...
Hi, we have GlobalProtect configured using a LDAP group for authentication in the VPN "cn=groupvpnusers,ou=_generic_groups,dc=it,dc=xxxx,dc=local" When we commit this new config using vpn group in Auth profile, the GP authenticacion is working fine but 2-3 hours later it starts to fail and we get this error in all users in this group "failed aut...
I am going through some cleanup of our PAN firewalls. We have 8 sites with active/standby pairs of PAN's. The sites are connected with IPSEC VPN's. The code varies from 6.0.3 to 7.0.4 versions. What's your feeling on the most stable 7.X code as of now? Requirements: 1. I want to get to the newer/later code for encryption enhancements (Suite B ...
Hey there, I was curious if anyone successfully used another VPN client on their IOS or Andriod device that works. I was told that with X-Auth/IP-Sec the Cisco Anyconnect client worked but it appears that the new 4.0 client does not (am I wrong?). If anyone has had any success with another client I would love some input or feedback.Thanks,Matt
| Subject | Likes |
|---|---|
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes |
