This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About keklund

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
keklund
‎02-09-2021
since ‎08-04-2009
L1 Bithead
User Activity
User Profile
Latest posts by keklund
View All
My Liked Posts
View All
User Badges
Community Statistics
Member Since ‎08-04-2009 08:43 PM
Date Last Visited ‎02-09-2021 10:39 AM
Posts 13
Total Likes Received 1

Are used PA 'for-sale' posts permitted

by in General Topics
‎02-09-2021 07:08 AM
‎02-09-2021 07:08 AM
Hello - does Palo Alto support resale of hardware that is not End-of-Life, and are posts on resale permitted in LIVEcommunity?  I have been searching for pinned community rules and have not found anything related yet.  I don't want to post/ask more related to this if it is not allowed.   Thanks! ... View more

Re: Need help with Enterasys NAC/NMS and PaloAlto UserID

by in Automation/API Discussions
‎08-15-2012 02:20 PM
‎08-15-2012 02:20 PM
Thanks - am I reading the docs correctly that the script lives on the NetSight NMS server appliance, not the NAC appliance? I'll update and report back - need to check on a report of extremely slow Compass searches in NetSight 4.3 I saw on the listsrv first. ... View more

Need help with Enterasys NAC/NMS and PaloAlto UserID

by in Automation/API Discussions
‎08-15-2012 10:32 AM
‎08-15-2012 10:32 AM
Duplicate thread to Knowledgebase question, but need help making the info from this technote work: Enterasys User ID integration by - Marc Benoit Nick Piagentini Running a PA-4020, 4.1.6 code and assouciated UserID agent on an AD server - NMS 4.2 Tried putting perl script on NMS and NAC server - does not appear to launch on either. ... View more

Need help with Enterasys NAC/NMS and PaloAlto UserID

by in General Topics
‎08-15-2012 09:54 AM
‎08-15-2012 09:54 AM
I am trying to make the Enterasys/PaloAlto integration from this doc work: Running 4.1.6 code on the PA-4020 and the associated UserID agent on a single server.  I followed the directions exactly but see no evidence info is making it to the UserID agent. Is this compatible with the latest UserID agent?  Support directed me back to the community/devcenter for help saying anything API related was not supported. Please let me know if I should post this in DevCenter as well. Hoping the authors of the technote - Marc Benoit Nick Piagentini might see this and reply. Thanks! ... View more
Labels:

Re: Youtube Edu

by in Automation/API Discussions
‎08-15-2012 09:46 AM
‎08-15-2012 09:46 AM
I have been hoping for this functionality for some time, via URL-rewrite - I'll link in the other community thread. So far, best I have been able to come up with is forcing NAT for our students out a specific interface, and using a transparent proxy to modify that traffic. URL-rewrite would also allow forced Google Safesearch - we had it ages ago in our BlueCoat Proxy - surprised PA dos not have a solution for this yet. ... View more

Re: PBF for YouTube Redirect to external proxy?

by in General Topics
‎03-28-2012 05:59 AM
‎03-28-2012 05:59 AM
No - you've got it pretty clearly - thanks! Now I just need to work out which is the lesser of all those evils.  I may split the difference - PBF for students/unknown users through a transparent proxy (all traffic), while staff/teachers have normal access.  There are some testing/assessment sites that I wouldn't want to go through the proxy, but I have those as actual IP addresses so making that exception would be easy. Ideally PA would just get URL-rewrite in the PanOS, and that would solve this for me.  The word I have through my vendor is they are hoping to add forced safesearch to a release late this year.  Hopefully that opens up more generic rewrite capability. ... View more

Re: Captive Portal page to load when user-id is known?

by in General Topics
‎03-28-2012 05:49 AM
‎03-28-2012 05:49 AM
Thanks for the info.  We are looking into generating a user-id event against AD as workaround for this.  This is for iPads primarily we are thinking a custom app that generates an LDAP login - "logout" would be changing the user-id to a user with no rights. ... View more

Re: PBF for YouTube Redirect to external proxy?

by in General Topics
‎03-27-2012 01:10 PM
‎03-27-2012 01:10 PM
Yeah - I was afraid the FQDN was not going to resolve on the fly.  I thought they had a refresh mechanism for this now, but it may not have been actual address objects I was thinking of. I could require all clients to setup a forward proxy, but I'm trying to make this transparent to the end users (not all of the clients are under AD control).  Plus I'd have to deal with all the traffic going to the proxy, which I don't want, just youtube. I'm liking the idea of a dns-resolver pointing to the proxy.  Why would there be a caveat of worrying about setting YouTube IPs in the proxy?  Only traffic looking for *.youtube.com would hit the proxy, and the proxy should be able to handle the lookups normally to provide the content.  Or am I not understanding it correctly?  Would I be able to accomplish this on the PA itself, or just through setting my internal DNS servers to resolve the youtube.com domain? Thanks! ... View more

Captive Portal page to load when user-id is known?

by in General Topics
‎03-27-2012 05:37 AM
‎03-27-2012 05:37 AM
Working on an idea to allow a manner of login/logout for users coming through captive portal auth. On a system that may or may not be identified on the back-end, I can load the captive portal page URL manually and set/change the user-id. When I try to load the page again, I only get a blank page - is there a URL I can load to generate a 'logout' or ID clear event, or at least some way to force the captive portal to load again so users can enter a dummy 'logout' user? ... View more
Labels:

PBF for YouTube Redirect to external proxy?

by in General Topics
‎03-27-2012 05:32 AM
‎03-27-2012 05:32 AM
Since URL-Rewrite is still not an option in PanOS (I think only recently they announced that it may be on the roadmap), I've been investigating ways to redirect YouTube traffic to an external proxy server that supports rewrite.  I need to do this to implement the new Youtube for Schools service. Wondering if this is a workable scenario: - Setup an address object group using FQDNs of youtube servers (IPs would be hopeless) - Setup PBF to redirect traffic to this address group out an interface (or just next-hop externally) that passes traffic through an inline proxy that does the required URL rewrite Worth the trouble to set it up? ... View more
Labels:

URL Rewrite - any update in new PanOS 4.1?

by in General Topics
‎12-13-2011 07:29 AM
1 Kudo
‎12-13-2011 07:29 AM
1 Kudo
We are increasingly seeing the need for a URL rewrite feature - we had hoped to use it for one of the ways to force Google SafeSearch (vs. the existing option of blocking searches using an app signature) We now would like to use YouTube for Schools, which depends on URL modification: http://support.google.com/youtube/bin/answer.py?hl=en&answer=1686318 A)  Add new HTTP header rule Modify your hardware filter or proxy server settings so that all outgoing traffic to youtube.com contains the following custom HTTP header. The ID to use in the HTTP header configuration, written below, is an example of a unique ID for your school’s network only. If your school is blocked at the district level, this HTTP header is then unique to the district network. Example: X-YouTube-Edu-Filter:ABCD1234567890abcdefField Name: X-YouTube-Edu-Filter Description: When YouTube sees this header and an accompanying valid school ID in the incoming traffic, YouTube will serve a limited EDU-only site to all computers behind the school hardware filter. Field Value Format: alphanumeric [a-z][A-Z][0-9] Field Value Length: up to 44 characters B)  Create URL parameter rewrite rule If your hardware filter not support HTTP header modification, please rewrite all outgoing URLs to youtube.com by appending the parameter “edufilter” at the end. Exclude the &edufilter parameter from these file types: .css, .gif, .png, .js, .xml Example: http://youtube.com/?edufilter=ABCD1234567890abcdef http://youtube.com/watch?v=gM95HHI4gLk&edufilter=ABCD1234567890afbcdef Is/will there be any way to do this in PanOS 4.1?  We are upgrading over the holiday break. ... View more

Re: BrightCloud missing the Plot!

by in General Topics
‎08-22-2011 12:51 PM
‎08-22-2011 12:51 PM
We've also seen more and more of this - 'society' is essentially a worthless category.  Every new proxy site seems to fall there, and is allowed until the app detection catches up. We need to have 'society' open because we are an educational institution. BrightCloud was touted as an improvement over SurfControl, and it was at the beginning.  Now I constantly have to answer questions on why certain sites are blocked and certain sites are allowed. We bought this product specifically because we wanted to stop playing whack-a-mole :smileyangry: ... View more

Re: Logging - Best Practise?

by in General Topics
‎02-22-2010 11:34 AM
‎02-22-2010 11:34 AM
I just tried this and am noticing the same thing (no URLs in threat export). I do get the URL data in the syslogs, but that takes a few extra steps I'd like to avoid when collecting the data into SQL. I need a good way to collect the URL data off the filter itself. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎02-09-2021 10:39 AM
Latest Tags
No tags yet
Likes From
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks