About essnet

Ok, but what about Europe domain users ? I think you don't get it , I want to keep local domains, but PA uses global name. In addition it breaks AD groups feature. ... View more

Great news savasarala , I have been fighting for ages with PA about that. Regards ... View more

Hello, UserAgents have a feature that scans workstations via WMI/Netbios. If you firewall request informations about an IP to a UserAgent (even if that IP is on internet), it will scan it. If you don't want internet addresses to be scanned or IDed, look at your zone User Identification configuration and UserID doc in general. ... View more

unless you have a rule that allows Untrust to Trust application = ANY , no it won't pass .... ... View more

GlobalProtect (optional licence) woud do the job great if you cannot set a 100% working solution with UserID (which is my case) ... View more

GlobalProtect (optional licence and requires a client installed on all PCs) is the only way to do this properly from my experience. I tried eveything from User agent, autologon script etc etc ... 95% accurate at best , yet making 5% of population creating tickets because they don't have access to a resource. If it's only to ID peolpe for internet, Captive Portal will do the job also. ... View more

If that was useful/revelant , there would already exist applications called Firefox, Chrome, IE and Safari. They are all clients for well known protocols. If you look at client-server apps, they do not guarantee you are usuing official client for the application, it only recognizes the network behaviour/protocol of the service offered, not the program/binary behind this traffic. In addition, while User-Agent will work in most cases for HTTP (if you except the fact that it can be faked easily), other protocols don't have this kind of feature (ie: smtp, imap, pop, remote desktop, exchange ...all of them have compatible but no way to identify it at firewall level) In fact, PaloAlto should have called it ServiceID instead of AppID, it would have been clearer for everyone. Note that I am not against a "ProgramID" but I barely see it maintainable and accurate. ... View more

Ok, So first question is : in  traffic logs, do you see torrent traffic ? If yes, look at the rule name that allowed that traffic and fix it. ... View more

So ... If a jDownloader is used to download a file on Easyshare, is it Easyshare application or jDownloader ? You are mixing Websites that are providing a service (so it can be called an application) and Programs that runs on PCs. 4shared, bigupload, easy-share, megaupload : all of them are website that are providing a service and so it is considered as an application. If you use InternetExplorer to access Dropbox or a third party program, it will be considered as Dropbox application. In addition, nowadays many downloader programs are faking User-Agents (or at least give people the ability to change it in its configurations menus) to bypass corp restrictions or filtering. ... View more

anyway, anyone can create a new google account everyday, and create a doc with a form like you showed in a few seconds. Does it mean that Brightcloud should ban the X millions clones of same phishing form ? Pointless and performance hungry. ... View more

torrent file is armless : it doesn't contain any dangerous material. feed it to a torrent client downloader and it will start downloading the real file. This is what PA can block : torrent client traffic. ... View more

A linux admin would not agree to say 400MB of swap is healthy. Btw I usually get 7-12 minutes commit times on my PA-500 even when it's idling during night times. This is loooooong. ... View more

unfortunalty , using global catalog will append wonrg domains in front of users. Imagine ou have 1 forest with 2 domains : America, Europe. You configure PaloAlto LDAP with base domain mycompany.group and domain mycompany. Users will be listed as: mycompany\joe mycompany\roger while real users are: america\joe europe\roger This is also breaking user / group mapping for me. So for the moment I am using 1 LDAP setting per domain + 1 Group mapping per Domain. This is annoying but I hope PA will improve that anytime soon. ... View more

hello, download a .torrent file is not doing peer to peer, it's like downloading a .doc , it's nothing armful. ... View more