This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About _slv_

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
_slv_
since ‎06-13-2012
L4 Transporter
User Activity
User Profile
Latest posts by _slv_
View All
User Badges
Community Statistics
Member Since ‎06-13-2012 08:35 AM
Date Last Visited
Posts 658
Total Likes Received 97

How to pull group of users from Radius server?

by in Automation/API Discussions
‎12-09-2014 10:57 AM
‎12-09-2014 10:57 AM
Hello I try to find out solution on Captive Portal with Radius and groups of users but finally we stucked with question "how to get in security policies groups from Radius". Is there any other way to authenticate users in Radius server, but according to group that belongs user attache him a permission? Any ideas are welcome! Regards SLawek ... View more

Re: Malware site and response page - problem

by in General Topics
‎12-08-2014 11:58 PM
‎12-08-2014 11:58 PM
How You can expain that on the same workstation Response Page is shoing properply when I try to download Eicar sample? I changed profile for this interface (added response pages) but it dosn't help me, so I think is time for support... Regards Slawek ... View more

Re: Malware site and response page - problem

by in General Topics
‎12-08-2014 09:29 AM
‎12-08-2014 09:29 AM
Before I post here this problem I tryed to chage action to block - same resoults CP IP is 192.168.110.1 thats is a gatway IP of diffrenet zone/network than my workstation network. Regards SLawek ... View more

Re: Malware site and response page - problem

by in General Topics
‎12-08-2014 05:36 AM
‎12-08-2014 05:36 AM
Nope: and interface and zone Slawek ... View more

Malware site and response page - problem

by in General Topics
‎12-08-2014 03:29 AM
‎12-08-2014 03:29 AM
Hello Some time ago I created url-filtering profile: Today I found in wildfire report that someone try to download something from malware site, so I try to check is my configuration works as expected. First of all I checked is it still a malware site: admin@PA-200> test url sunrisebrowse.net sunrisebrowse.net malware-sites (Base db) (I'm using BrightCloud URL Filtering) so I started browser and I try to open "sunrisebrowse.net" after 30s or more browser wos redirected to: "http://8.34.112.54:6080/php/urlblock.php?vsys=1&cat=10056&title=malware-sites&rulename=Lan_A%20NAT%20-%20monitoring&uid=45&url=http://sunrisebrowse.net%2f" and timeout was displayed in browser. I expected responce page insted of timeout... I found the session: 61542    undecided  ACTIVE  FLOW  ND   192.168.1.35[59936]/Lan_A/6  (192.168.1.35[59936]) vsys1                                      8.34.112.54[6080]/captive-portal  (127.131.1.1[6180]) admin@PA-200> show session id 61542 Session           61542         c2s flow:                 source:      192.168.1.35 [Lan_A]                 dst:         8.34.112.54                 proto:       6                 sport:       59936           dport:      6080                 state:       INIT            type:       FLOW                 src user:    unknown                 dst user:    unknown         s2c flow:                 source:      127.131.1.1 [captive-portal]                 dst:         192.168.1.35                 proto:       6                 sport:       6180            dport:      59936                 state:       INIT            type:       FLOW                 src user:    unknown                 dst user:    unknown                 qos node:    ethernet1/4.1, qos member  Qid 0                 match src interface:  any                 match src address:    ('any                  ',)         start time                           : Mon Dec  8 11:26:16 2014         timeout                              : 30 sec         total byte count(c2s)                : 206         total byte count(s2c)                : 0         layer7 packet count(c2s)             : 3         layer7 packet count(s2c)             : 0         vsys                                 : vsys1         application                          : incomplete         rule                                 : captive-portal         session to be logged at end          : False         session in session ager              : False         session updated by HA peer           : False         address/port translation             : destination         nat-rule                             : NAT_Lan_A(vsys1)         layer7 processing                    : enabled         URL filtering enabled                : False         session via prediction               : True         use parent's policy                  : False         session via syn-cookies              : False         session terminated on host           : True         session traverses tunnel             : False         captive portal session               : True         ingress interface                    : ethernet1/4.1         egress interface                     : ethernet1/1         session QoS rule                     : N/A (class 4)         end-reason                           : aged-out Ethernet interface for zone where is my workstation hasn't captiveportal option enabled. Why this session is "rule : captive-portal", similar config works perfecly for wiruses, ie. when I try to downloaad Eicar sample I get responce page with warning. What's wrong in my configuration? do I miss something? Regards SLawek ... View more
Labels:

Re: Captive Portal with Radius and groups of users

by in General Topics
‎12-08-2014 02:35 AM
‎12-08-2014 02:35 AM
so  I wil lask my SE for confirmation, but this isnt a good news for me Thank You Regards Slawek ... View more

Re: Captive Portal with Radius and groups of users

by in General Topics
‎12-08-2014 12:55 AM
‎12-08-2014 12:55 AM
Hi I sow it before I posted this question. At the moment I have one problem, and I cant find answer: Is is possible to use in security policies groups from Radius? According to my knoweladge is it possible to limit authenticating to group defined in authentificate profile, but what next? Regards Slawek ... View more

Re: Captive Portal with Radius and groups of users

by in General Topics
‎12-04-2014 07:23 AM
‎12-04-2014 07:23 AM
bump No one is using RAdius auth with groups pulling ? Regards SLawek ... View more

Re: Latest content updates failing?

by in General Topics
‎12-04-2014 07:21 AM
1 Kudo
‎12-04-2014 07:21 AM
1 Kudo
Hi Darren What PANOS are you using? I have problems with updates too but I'm on 6.1.0 but my problems are with Antivirus udpates. >Or am I the only one who compulsively watches the install logs for content updates to make sure they work? I'm doing the same ... but I'm thinking that is it usefull ... I have case opened for few weeks, but support in my opinion do NOTHING in this case (even do not read my emails carefully) This case is a second one with same problem (missed updates and UNKNOW build of updates). Recomendation for You is to remove any updates files from device and download it again (its possible to do by CLI only) Regards SLawek ... View more

Captive Portal with Radius and groups of users

by in General Topics
‎12-02-2014 06:22 AM
1 Kudo
‎12-02-2014 06:22 AM
1 Kudo
Hello I'd like to consult with You one problem. My users authenticate with Radius on Captive Portal web page. Problem that comes to me is how to assign access according to groups of users. My FreeRadius has only one group of users, I can add more but how to use it in PAN? I read How to Configure RADIUS Authentication and there is "Retrieve user groups" checkbox but after I enabled it and do commit I cant see my groups in ADD in Authenticate Profile tab. I know that I should use RADIUS Vendor Specific Attributes (VSA) PaloAlto-User-Group: Attribute #5 - This is the name of the group to be used in the Authentication Profile Do You know how to configure FreeRadius to use it? Please point me in right direction with this problem. Regards SLawek ... View more
Labels:

Re: Automatic backup - Palo Alto

by in General Topics
‎11-28-2014 02:20 AM
‎11-28-2014 02:20 AM
Hello On serwer/workstation where You would like to keep backup use scheduler and connect it to your backup script Marco Leckel create very detailed info how to connect to PA device Backup Configuration of a PA-200 I added few more command to keep backup in zip file and have a date in file name: ren config.xml PA200config_%date:/=.%.xml 7z a -tzip "C:PA200_configs.zip" "*.xml" -mx5 del *.xml You have to put 7z.exe in same directory as a script. Regards Slawek ... View more

Re: Question On NAT Configuration

by in General Topics
‎11-26-2014 11:25 PM
‎11-26-2014 11:25 PM
Hello I have meraki AP and I didnt experience any problem with NAT. Please create security policy from IP_of_Meraki to Untrust with aplication any, service any that will allow traffic and after few hours/minuts You can go to traffic and filter traffic from this rule to see what apllication is needed. In my scenario it is: Regards Slawek ... View more

Re: cli command to capture accepted traffic and dropped traffic.

by in General Topics
‎11-21-2014 04:21 AM
1 Kudo
‎11-21-2014 04:21 AM
1 Kudo
Hi You have to secify files for every type of traffic (ie drop) debug dataplane packet-diag set capture stage drop file <filename> If this file has size >0 there is something dropped.  Please use Wildshark to open this file and investigate further. Regards Slawek ... View more

Re: scheduled report - problem

by in General Topics
‎11-17-2014 01:20 AM
‎11-17-2014 01:20 AM
Hi Ssharma I will do that. I have one question (just for clarification) why when I cliced "Run now" I get Name and ID but when _the_same_ report is generated automatically by scheduler it hasn't such information? Regrads Slawek ... View more

scheduled report - problem

by in General Topics
‎11-16-2014 12:08 PM
‎11-16-2014 12:08 PM
Hello I have group of reports that are gnerated every week. Every custom report I tested using "run now"before I let them work scheduled. My report looks like: and the output: but output from pdf that I got on email: as You can see, the "Name" and "ID" column is missing. My small investigation give some dubt. Why this (and one before) report has different icon than most of them? What does it mean icon from "ataki na serwery"? This report generated from Monitor > Reports work properly and output generated as pdf looks OK. Please tell me where I pass mistake in configuration  or is it a bug? Regards Slawek ... View more
Labels:
Register or Sign-in
Contact Me
Likes Given To
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks