About emr_1

emr_1 · ‎03-12-2013

Hi If you want to filter rules which enables anti-virus profile, named 'default', you can use following filter (profile-setting/profiles/virus eq 'default') Does it help you? Regards,

emr_1 · ‎03-12-2013

Hi, To refresh manually following cmd might be helpful. >request system fqdn refresh or >request system fqdn refresh force yes Regards,

emr_1 · ‎03-11-2013

Oh, really? I'm able to see them as my screenshot. Is this depends on my account privilege or something related to? Regards,

emr_1 · ‎03-11-2013

5.0.3 is released. You can download it from Software Update in support portal, however direct download from the device is not ready yet.

emr_1 · ‎12-27-2012

Hi Does following article answer to your question? https://live.paloaltonetworks.com/docs/DOC-3947 By default, a Palo Alto Networks firewall will not block multicast traffic when configured in Layer-2 Mode. Regards, Emr

emr_1 · ‎11-27-2012

Hi Parth, I confirmed it works on my PA-200 v5.0.0. I was trying on PA-200 v4.1.9 before and did not work. Thanks a lot. Regard, Emr

emr_1 · ‎11-27-2012

Hi Benjamin Thanks for your reply. I tested with '\n' and '\r\n', but both didn't work as expected. Does it work on your device? If it works, I also want to know that you are configuring something in escaping characters field. Regards,

emr_1 · ‎11-27-2012

I'm trying to configure newline in custom log format. For example, if I configure "aaa<newline>bbb", and set it as mail alert. I receive email with "aaabbb". Does anyone know how to configure it? or is it impossible? Two picture shows configuration screen and my mailbox. Regards,

emr_1 · ‎11-15-2012

You can find minumum support version in Release Note. In the 4.1.9 RN, it says GlobalProtect agent '1.0.0'. I believe 1.2.0 also will be supported on 4.1.x. BTW, on my lab units (PANOS 4.1.9) it is working well for connecting GP by client v1.2.0. Regards,

emr_1 · ‎11-13-2012

How about this one: Cisco Link Aggregation Traffic Through a PAN Device Make sure you configure exactly same zone in two vwires.

emr_1 · ‎11-08-2012

My previous screenshot was on Panorama 4.1.x. I also attach new Managed Device page on Panorama 5.0.0. I think this is what you want to see, isn't it?

emr_1 · ‎11-08-2012

If you move your cursor onto Software version, you could see signature info.

emr_1 · ‎11-06-2012

I think PAN will reveal all new staff in Ignite Conferrence, coming on next week.

emr_1 · ‎10-26-2012

Are you sure? I could erase cert error with IP. I'll show you what I did in Excel file. Please refer to it. Don't surprise to Japanese... I commented in English . Regards,

emr_1 · ‎10-25-2012

I believe there are two ways. One: If you use self signed server cert, you need to trust this on the each browser, I mean I device. Two: If you don't want to do that, you need to purchase public server certificate such as verisign. Each browswer already trust verisign and major CA, you don't need to register it as trusted CA. You can find official announcement about this enhance at top of support portal. ===== GlobalProtect 1.1.7 implements enhanced checks for CA Server Certificates chain-of-trust. This change will cause some existing configurations to become invalid and may result in remote users receiving an error when connecting to the portal, or will not be able to connect if the certificate issue is present on the gateway. Before deploying the GlobalProtect Agent 1.1.7 to users, ensure that the Portal and all Gateway server certificates are valid and that the certificate Common Name (CN) fields match the FQDN or IP address of the portal and/or gateway that uses the certificate. The SSL certificate that you use for the GlobalProtect portal/gateway should have a Common Name (CN) that matches what you configured in the portal settings. For example, if your certificate has the CN of gp.example.com, ensure that your portal configuration lists the gateway as gp.example.com and does not use an IP address and vice versa, otherwise when the GlobalProtect Agent tries to connect it will generate an error specifying that the certificate CN does not match. Additionally, when the certificate is created, the Subject Alternative Name (SAN) must be exactly the same as the certificate's CN. If the certificate uses the CN of the DNS name, ensure that the SAN also uses the DNS name and not the IP address. A mismatch will cause the GlobalProtect Agent to recognize that the SAN is not the same as the CN and will also produce the certificate error. If your certificates are generated by a public certificate authority, then this will be done correctly and you should not have any issues. ===== OR You can use v1.1.6 and make feature request to PaloAltoNetworks to disable certificate check. v1.1.6 does not check trusted CA. Regards

Member Since	‎05-10-2010 06:49 PM
Date Last Visited	‎12-04-2024 01:04 AM
Posts	353
Total Likes Received	117

Online Status	Offline
Date Last Visited	‎12-04-2024 01:04 AM

About emr_1

Re: CLI: setting and unsetting log forwarding

Re: Sonicwall Firewall v6.5.4 migrate to PaloAlto Next Generation Firewall

Re: Minimize log size

Re: License for feature lcaas will expire on 2024/10/30

Re: License for feature lcaas will expire on 2024/10/30

Re: License for feature lcaas will expire on 2024/10/30

Re: CVE ID

Re: How to disable this warning message, or move it to notifications?

Re: PAN-OS 10.2.11 Device -> Setup page missing

Re: request sc3 reset API

Re: The required '11.1.0' base image must be loaded before this image can be loaded

Re: request sc3 reset API

Re: Does Global Protect RADIUS support Message Authentication? (to mitigate BlastRADIUS 9/10 CVSS vulnerability )

Re: Error: Total number of profiles (76) exceeds platform capacity (75)

Re: Where does it show which Agent Config applied to a specific users' Global Protect session

Re: TID 95187 is not on my signature list

Re: what does "SWITCH" in hardware architecture mean?

Re: any solution to keep tracking user IP mapping?

Re: any solution to keep tracking user IP mapping?

Re: [need help]can't see new incoming logs after upgrading M-100 into 8.1.12

Nominated Discussion: What does "SWITCH" in hardware architecture mean?

Nominated Discussion: How to Change Forward Decrypt Trust Certificate

Re: Howto validate security policies for content inspection enabled ?

Re: Manual FQDN Refresh

Re: Release Date for 5.0.3

Re: Release Date for 5.0.3

Re: How PAN deal with multicast traffic on Layer 2 mode.

Re: How can I configure newline mark in custom log format?

Re: How can I configure newline mark in custom log format?

How can I configure newline mark in custom log format?

Re: Global Protect 1.2.0

Re: PA in VWire mode between trunked ports

Re: Panorama - AV and Threat version on individual device in one view?

Re: Panorama - AV and Threat version on individual device in one view?

Re: PANOS 5.0

Re: Problem with certificate after upgrading GlobalProtect 1.1.7

Re: Problem with certificate after upgrading GlobalProtect 1.1.7

Nebula Beta

Unlock your full community experience!

About emr_1