This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About ksalustro

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
ksalustro
‎04-17-2024
since ‎09-18-2009
L3 Networker
User Activity
User Profile
Latest posts by ksalustro
View All
User Badges
Community Statistics
Member Since ‎09-18-2009 10:25 AM
Date Last Visited ‎04-17-2024 12:56 AM
Posts 45
Total Likes Received 7

Re: Multiple Gateways and Pre-logon

by in GlobalProtect Discussions
‎05-27-2021 09:13 PM
‎05-27-2021 09:13 PM
Fabiano's suggestions did not work for me since I was already not using auth cookies. By default, the user's tunnel will be renamed and they will stay on the same gateway. But, perhaps you have a windows user group and you want them to get directed to a 2nd gateway. If you do refresh connection, they will switch, but you want it to happen automatically.   So, consider setting this timeout value for the pre-logon tunnel, under App settings, to 0:   Pre-Logon Tunnel Rename Timeout (sec) (Windows Only)   This setting controls how GlobalProtect handles the pre-logon tunnel that connects an endpoint to the gateway. A value of -1 means the pre-logon tunnel does not time out after a user logs on to the endpoint; GlobalProtect renames the tunnel to reassign it to the user. However, the tunnel persists even if the renaming fails or if the user does not log in to the GlobalProtect gateway. A value of 0 means when the user logs on to the endpoint, GlobalProtect immediately terminates the pre-logon tunnel instead of renaming it. In this case, GlobalProtect initiates a new tunnel for the user instead of allowing the user to connect over the pre-logon tunnel. Typically, this setting is most useful when you set the Connect Method to Pre-logon then On-demand, which forces the user to manually initiate the connection after the initial logon. ... View more

Re: GlobalProtect: Pre-logon Authentication

by in GlobalProtect Articles
‎05-27-2021 09:06 PM
‎05-27-2021 09:06 PM
@brianjreed thanks for finding that setting. I have 2 gateways... pre-logon users all go to gateway A. Post-login, default users stay on gateway A but a certain user group needs to connect to gateway B. The trouble is that the user group was staying on A instead of switching to B. So hopefully this timeout will fix my issue. ... View more

Re: Can PA log a address of spoof attack?

by in General Topics
‎03-03-2021 08:55 AM
‎03-03-2021 08:55 AM
We had an issue where anti-spoofing was blocking traffic, and there was nothing about it in the threat logs. ... View more

Re: Device certificates for Panorama-managed devices

by in General Topics
‎01-12-2021 11:35 AM
‎01-12-2021 11:35 AM
I followed that and I see it there in the bottom banner. They sure did a good job hiding it 😉 Thanks! ... View more

Device certificates for Panorama-managed devices

by in General Topics
‎01-11-2021 01:02 PM
‎01-11-2021 01:02 PM
Hi, The screen below is from support.paloaltonetworks.com in Assets/Device Certificates. I am trying to get the device certificates for the firewalls that are managed by Panorama, without doing it locally on each firewall. In Panorama, where to I go to get the "text/code provided by your Panorama"??? That little blue "I" info button provides no info... 😞     ... View more

Re: GlobalProtect SAML Metadata

by in General Topics
‎12-15-2020 01:21 PM
‎12-15-2020 01:21 PM
Just fyi, I have this working in an Azure environment, with a private IP on the virtual firewall in Azure, and didn't run into this problem... SAML works fine to Azure. ... View more

Re: GlobalProtect SAML Metadata

by in General Topics
‎12-15-2020 01:18 PM
‎12-15-2020 01:18 PM
'vsys1' is supposed to show up as an option. Did you try to type in `vsys1` manually to see if it lets you? ... View more

Re: Device Certificate - Where to find OTP?

by in General Topics
‎05-29-2020 07:34 PM
3 Kudos
‎05-29-2020 07:34 PM
3 Kudos
Thanks, i did this and the new cert is good for 3 months. Why is this necessary? I've never had the issue before v9.1.2. Am I going to have to do this every 3 months from now on?   ... View more

Re: 2-Factor Authentication for Admin Login

by in General Topics
‎02-06-2019 06:31 AM
1 Kudo
‎02-06-2019 06:31 AM
1 Kudo
Correct, this is supported in 8.1. See the updated page: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/device/device-server-profiles-multi-factor-authentication   For the following authentication use cases, the firewall integrates with multi-factor authentication (MFA) vendors using RADIUS and SAML: Remote user authentication through GlobalProtect™ portals and gateways. Administrator authentication in the PAN-OS and Panorama™ web interface. Authentication through Authentication policy. ... View more

Re: How to disable Global Protect inside Firewall

by in General Topics
‎06-27-2018 11:48 AM
‎06-27-2018 11:48 AM
What settings do you give the inside gateway? I'm confused on how the GP agent "knows" it's on the inside network. Is it based on whether or not the internal gw name resolves to an IP? Or the IP is reachable? Or something else? ... View more

Re: PA doc regarding migration tool instructions for Check Point is missing its attachment

by in General Topics
‎09-02-2015 08:00 AM
‎09-02-2015 08:00 AM
Thanks! It was missing but it's there now. ... View more

Imported Check Point config shows objects and nats, but no rules - Migration tool v3.1.1

by in General Topics
‎08-28-2015 02:35 PM
1 Kudo
‎08-28-2015 02:35 PM
1 Kudo
I'm importing a Check Point config into the Migration tool, v3.1.1   I see the imported objects and nat's ok, but the rules page is empty and says "no data to display" in the bottom right.   I chose the files objects_5_0.C, rulebasename.pf, rulebases_5_0.fws, and the routes.txt (output of netstat -nr). I've tried it with Option A both checked and unchecked, and get the same results. I'm sure that rules.C is not in use for option B. (Shouldn't those be radio buttons, since it's one or the other?)   I am pretty sure I'm importing the right files, but not 100% sure since the doc that explains exactly what files to import has no is not available. (I posted about that here).   Am I using the right files, or is there some other problem? Thanks. ... View more
Labels:

PA doc regarding migration tool instructions for Check Point is missing its attachment

by in General Topics
‎08-27-2015 07:43 PM
‎08-27-2015 07:43 PM
The Migration Tool manual v3.1 says: “To understand what options we have to active when we migrate from Checkpoint please read this document first: https://live.paloaltonetworks.com/docs/DOC-9418”   But when I go to that doc, it actually has no attachment, so I can’t find the info I want. (I’m hoping it will tell me what specific files to use for a Check Point firewall conversioe, such as whether to use objects.C or objects_5_0.c etc.   Pls help me out here. Thanks. ... View more

Re: User ID agent on Vista/Win7

by in General Topics
‎02-24-2011 03:27 PM
‎02-24-2011 03:27 PM
Thank you for that info, kamish! ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎04-17-2024 12:56 AM
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks