This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About Remo

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Remo
‎11-26-2025
since ‎03-20-2013
L7 Applicator
User Activity
User Profile
Latest posts by Remo
View All
User Badges
Community Statistics
Member Since ‎03-20-2013 04:23 AM
Date Last Visited ‎11-26-2025 01:29 PM
Posts 2,247
Total Likes Received 806

Re: User-ID Agent exclusion list

by in General Topics
‎05-17-2018 12:32 PM
1 Kudo
‎05-17-2018 12:32 PM
1 Kudo
@faizankhurshid Are you talking about excluded networks in the user-id agent configuration or in the zone configuration on the firewall? ... View more

Re: User-ID based policies exclusion

by in General Topics
‎05-17-2018 12:30 PM
1 Kudo
‎05-17-2018 12:30 PM
1 Kudo
@faizankhurshid exactly, towards your domain controllers you shouldn't enforce User-ID. In addition printservers, profileshares and other mapped network drives are also critical connections. It is possible to enable user-ID there but you have to make sure that the User-IDs are almost instantly present on the firewalls because otherwise it takes a lot longer for the users to log in as windows receives the information on what to do with the group policies and then it tries to to this. And if the connection is not possible pretty fast then windows tries again and again and again - so in this case it could take a lot longer for the users to log in. So to enable there make sure that the log-read frequency of the domain conteoller logs is set to 1 second (the lowest possible value). ... View more

Re: Panorama log settings wildfire is invalid error on commit failure

by in General Topics
‎05-13-2018 05:21 AM
‎05-13-2018 05:21 AM
Sounds like there is a setting for the forwarding of wildfire grayware files in your log forwarding profile which isn't supported on PAN-OS 6.0.1. Did you recently change something in your log forwarding profile or did you recently upgrade your panorama? (Just in case you don't know already but end of life of PAN-OS 6.0 was on march 19, 2017. https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary) ... View more

Re: Global protect problem

by in General Topics
‎05-11-2018 08:47 AM
‎05-11-2018 08:47 AM
The root cert which signed the self signed portal certificate must be imported into the "Trusted certification authorities" folder on the clientcomuter (required admin privileges) ... View more

Re: 2 factor authentication and radius on global protect

by in General Topics
‎05-11-2018 08:27 AM
‎05-11-2018 08:27 AM
Yes, this is possible. Now I don't knlw enough about what you plan to do, but this sounds like you should also configure the same radius profile on the gateway and use authentication cookies to force the users not too much to login. ... View more

Re: 2 factor authentication and radius on global protect

by in General Topics
‎05-11-2018 08:08 AM
‎05-11-2018 08:08 AM
It depends on your needs: under authentication of the portal and/or the gateway ... View more

Re: 2 factor authentication and radius on global protect

by in General Topics
‎05-11-2018 07:46 AM
‎05-11-2018 07:46 AM
Yes 😉 ... View more

Re: Getting started Panorama 8.1

by in General Topics
‎05-10-2018 02:36 PM
‎05-10-2018 02:36 PM
Hi @Retired Member   May be you found a bug with that tunnel-zone-problem, because panorama 8.1 is already pretty new and has a lot of bugs. So first I would recommend you to update to 8.1.1 and try again.  ... View more

Re: Adding MFA to Pre-login GlobalProtect

by in General Topics
‎05-10-2018 10:58 AM
‎05-10-2018 10:58 AM
I think there is no real solution for you in this case, except that you disable pre-logon if there isn't enough security for you. It's probably about the question: do you trust the loginscreens of windows and mac? If not, then change everything to user-logon and there will be no connection to your internal network until the uset is successfully authenticated. ... View more

Re: User-ID Agent 8.1 help needed

by in General Topics
‎05-10-2018 10:46 AM
1 Kudo
‎05-10-2018 10:46 AM
1 Kudo
Just in case you don't know this already ( @dannon, @mdk1380😞 this problem with the computernames was a bug (WINAGENT-269) which is resolved in User-ID Agent 8.1.1. ... View more

Re: URL alerting without SSL decryption

by in General Topics
‎05-10-2018 10:04 AM
1 Kudo
‎05-10-2018 10:04 AM
1 Kudo
Paloalto Firewalls are logging also https URLs (at least the domain name) even without decryption. What does your security policy look like? Do you have the URL filtering profile only applied to a rule where web-browsing is configured but not on ssl traffic? ... View more

Re: Asterisk Wildcard Error

by in General Topics
‎05-10-2018 09:56 AM
‎05-10-2018 09:56 AM
Hi @Pooch87   As @JoeAndreini already wrote, the asteriks needs to be the only character in a token. Tokens are separated by one of these characters: . / ? & = ; + So your example would be valid like this: *.lans.com.au This is probably not what you want to filter on. So you have to create a custom application. This way you are able to use exactly this filter which gives you the mentionned error with the url filtering feature.   ... View more

Re: Global protect problem

by in General Topics
‎05-10-2018 06:40 AM
1 Kudo
‎05-10-2018 06:40 AM
1 Kudo
I assume you are using a self signed cert for your portal and the root CA which signed the portal cert is not in the local cert trust store of this computer, right? ... View more

Re: Creating a global, URL based whitelist rule

by in General Topics
‎05-10-2018 06:37 AM
‎05-10-2018 06:37 AM
Ok, then it is clear 😉 ... View more

Re: Creating a global, URL based whitelist rule

by in General Topics
‎05-10-2018 06:06 AM
1 Kudo
‎05-10-2018 06:06 AM
1 Kudo
@BPry You are absolutely right when you need to filter on parts of the URL after the FQDN, but if not this works in almost all cases without having decryptiom enabled. This is at least my experience with applying URL filtering without TLS decryption (--> SNI/hostname extension in the TLS client hello packet) ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎11-26-2025 01:29 PM
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks