I am testing Captive Portal certificate authentication with enterprise PKI and it is not working. I have imported and configured cert profile using the enterprise root CA. When tried from the client machine, the request gets redirected to the captive
...
Good morning,
GP works great on our iPads, except you need to open the app and hit 'connect'. Sometimes it becomes disconnected and needs to be done again. This is for K-12 students, so we're hoping there is actually a way to force persistence. Is
...
Hello,
If someone would like to establish 2 IPsec Peerings between a PA VM and a Juniper SRX, can you use the same Phase1 for 2 different Phase2 on the Palo Alto ?
Phase1 is IKEv2 if it matters.
Hi - I am unable to redirect https://mypublic-ip:7788 to http://myprivate-ip:8899 using DNAT. Any idea please. Tks.
Someone can stop me if it's meant to do it this way, but if feels like a bug that needs fixed.
GlobalProtect 5.0.4-16
PanOS 9.0.1
HIP Checks in place
Scenario:
Using HIP checks to limit scope of connectivity to internal network.
Issue:
Let's say that one
...
We have observed a high memory utilization on PA-3060 ,do we have to upgrade our RAM or this is normal behavior?
show system resources
top - 02:47:35 up 631 days, 20:43, 1 user, load average: 0.02, 0.04, 0.05
Tasks: 117 total, 1 running, 115 sleeping,
First issue:
I am trying to get load config partial working from local file , address objects , address groups, service groups and security and NAT rules, to local firewall.
I am used to doing load config partial on PANORAMA to device groups.. but
...
Pushed the global protect client out through SCCM. Which works, but when the auto update is applied, we end up with the windows installer issue. the msiexec /Option error
I have checked to make sure no other installer is running, and there is nothing
...
The alienvault taxii miner was working up until about a month or so ago. It no longer works. I am getting the following errors:
<urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:590)>
I have updated minemeld to
...
I received a request to change the current security profile on 3,502 policies (spanning three VSYS) from a shared profile to a local profile. Is there a better way to do this than doing them individually through the GUI?
I don't even want to think ab
...
AlientVault has the OTX with a taxii feed configuration which looks like it could be handy. However the miner for the alienvault reputation has a link which 404's. Does anyone have any idea if this overlaps?
Also the AlienVault taxii feed would req
...
I'm trying to monitor the availability of one tunnel, to re-route the same destination traffic into a second tunnel. The other side can't do routing protocols right now--which would solve this easily. I hoped to find a non-manual way to fail over.
I
...
Good day,
if you try to open http://techblog.netflix.com our PA currently recognize it as netflix-base.
Is there a way to declare it as normal web-browsing if they try to open the techblog page since we don´t want to allow netflix-base for our users?
...
PavelK
on:
HA4 firewalls
reaper
on:
What does ch mean in PA-VM-OS Software?
OtakarKlier
on:
PCNSE Bootcamp
