Pre-Logon without Windows credentials

Hello,

I want to test the pre-logon feature of GlobalProtect in our environment.

Our clients are using two factor authentication (eToken) for the windows login. So they don't know their windows credentials.

We have already installed machine certificates

Basic QoS Understanding

So, I'm trying to get a clear understanding of QoS on the PA's.  Any feedback / answers would be appreciated:

Maximum Egress - Straight forward - the maximum amount of traffic you are allowing out.

Guaranteed Egress - This one I'm foggy on.  Is it only

Slow transferspeed over IPSec against ASA5510

One of our customer has a Cisco ASA 5510.

We have successfully created a IPSec tunnel and traffic flows both ways, but when trying to transfer a file, the speed caps at ~300KB/s, every 4-5 packets is dropped and the latency goes from ~3ms to 90ms.

Both

User ip mapping with only Global Protect

Hi all,

i have a question regarding user ip mapping when only using Global Protect to authenticate users.

Without enabling any user-id agent. Neither external on a server, neither on the firewall.

It works as Global Protect identifies the logged-on user

How to reset webserver access.log?

Hello,

I have out of space on the root partition (PA5020, 4.06). How should i delete webserver access.log?

Regards

MJ

User Activity Reports

I really need some help in the correct process of running a user activity report. I have a request to pull the last 30 days of internet activity on a particular user. Every time I attempt this, I get strange results. Either the info only goes back 3

Switch port interface

Is it possbile to configure one of the ethernet interface ports on a PA 3020 as a switch port?

Pannorama and HA Cluster

Hey

i would like to know how the commit process works when i push commit on pannoaram to HA device group.

1) does Panorama send the configuration to both of the device and then commit it?

2) does Panorama send it only to one device and it commits it to

Destination NAT to address not in same subnet

Hello,

I had a quick question about destination NATing to an address not in the same subnet as an interface on the Palo Alto. For example, let's say I have a site-to-site VPN and I am using destination NAT on one side of the tunnel. When traffic comes

GlobalProtect release 1.2.7

Hello,

do you know when GP 1.2.7 will be release?

Accessing web systems using main office's IP trough IPSec tunnel

Hello.

We have a few IPsec S-2-S tunnels with different devices on other side and all works nice, but in one of them is required, that users on other side can use internet resources (to get this sides WAN IP address and access few web systems that wit

Is a crossover cable required if cabling a host directly to the PA interface

I have a host directly cabled to an interface on the PA. I am having issues with internet connectivity on this host. I wonder if a crossover cable is required to cable direct rather than traversing a switch first?

Thanks,

Daniel