This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About MemphisBrothers

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
MemphisBrothers
‎06-20-2017
since ‎07-21-2012
L3 Networker
User Activity
User Profile
Latest posts by MemphisBrothers
View All
User Badges
Community Statistics
Member Since ‎07-21-2012 04:31 PM
Date Last Visited ‎06-20-2017 02:58 PM
Posts 60
Total Likes Received 11

What type of policy\rules do you need to access an internal licenses server from the internet

by in General Topics
‎11-18-2013 06:43 PM
‎11-18-2013 06:43 PM
I have an internal licenses server that users need to access from the internet, 10.1.3.21.  The The external exposed ip is 216.55.55.10 The application on the users computer needs the following TCP ports open through the firewall so that client workstations are able to obtain a license from your license server system. lmgrd.exe needs INCOMING TCP ports 27000 to 27009 and adskflex.exe needs 2080.  What is the easiest way to  address this? We need a natting rule correct?  What type. Once I figure out the natting rule then I can created policies to allow application traffic on the necessary ports.  Unless there is an exev simpler way to create it all.  Ideas welcome ... View more

Re: What are the available variables for response pages?

by in General Topics
‎06-06-2013 07:44 AM
‎06-06-2013 07:44 AM
Yes I need to see the offending user IP and there is no variable for that if the user exits.  Anyone know ... View more

Re: Cannot block site viooz.co

by in General Topics
‎05-08-2013 10:22 AM
‎05-08-2013 10:22 AM
All due respect to you, it may work in your lab.  But that is the first way we tested it in our real world environment and it did not stop students from accessing the site.  All recommendations are appreciated.  ... View more

Re: Cannot block site viooz.co

by in General Topics
‎05-08-2013 06:47 AM
‎05-08-2013 06:47 AM
Dude, really.  You don't think I have tried that?  It does not work.  I did find a clever way to stop it. Go to Objects -> Regions. Add a new one and name it whatever (I called it Viooz_Lithuania for testing). Put 5.199.170.104 as the IP address for the region. Then, go to Policies -> Security and create a new security policy. I named it Block_Viooz. The rule looks like this: Source Zone: Trust (LAN) Source Address: Any Source User: Any HIP Profile: Any Destination Zone: Untrust (ISP) Destination Address: choose the Region you created (Viooz_Lithuania for me) Destination Application: Any Destination Service: Any Action: Deny Profile: None I set this rule near the top of the list, and then when trying to browse to http://viooz.co, I got page cannot be displayed, and a Deny entry logged in my Traffic Log. ... View more

Re: Cannot block site viooz.co

by in General Topics
‎05-07-2013 12:03 PM
‎05-07-2013 12:03 PM
Brightcloud has it as an entertainment category.  It should also be streaming media and illegal.  I have requested a change.  ... View more

Cannot block site viooz.co

by in General Topics
‎05-07-2013 11:48 AM
‎05-07-2013 11:48 AM
This is an illegal movie site that shows anything even stolen movies for free.   The IP address is 5.199.170.104  I have tried blocking the site name, the ip.  Nothing works.  It's almost like the site is an anonymizer itself.  I would love any help at all.  I need to totally block this site from our network. I have redundant PA-500s.  ... View more

How can I detect and stop 3rd party VPN tools used to bypass my network security

by in General Topics
‎04-29-2013 10:11 AM
‎04-29-2013 10:11 AM
We are a private high school with a growing laptop population but these kids work hard trying to circumvent our security.  They have found using 3rd party VPN tools, mostly single exe's they hide in their recucle bin when they fear exposure.  This tool comes with statements telling the user it is illegal and it will get them around the "best security systems your school has". How can I detect and prevent this type of process from running on our network. ... View more

Re: Youtube Edu

by in Automation/API Discussions
‎03-21-2013 04:49 PM
3 Kudos
‎03-21-2013 04:49 PM
3 Kudos
I urge Palo Alto to address this as soon as possible.  I am the Network Admin for a private HS we could really use it.  We deployed laptops to freshmen and have NO books.  Our entire delivery system is through the device.  Teachers use Youtube extensivly but students abuse the privelage.  Currently I have to block Youtube for all stuidents and have teachers run the videos on the projector for in class and students access youtube from home openly. Makes it hard for the journalism and broadcasting classes. ... View more

Re: Re-evaluating current structure

by in General Topics
‎03-07-2013 07:01 AM
‎03-07-2013 07:01 AM
It is a step.  We have Spring Break coming up.  Perfect time to re design the policies.  I'll start with the Scorched earth policy and open from there. ... View more

Re: Students, using HTTPS now on Proxies

by in General Topics
‎03-07-2013 06:32 AM
‎03-07-2013 06:32 AM
I just got into the PA this past year. Would you mind sharing how you set up the SSL Decryption with our school? ... View more

Re: PANOS 4.1 vs 5.0

by in General Topics
‎03-05-2013 07:27 PM
‎03-05-2013 07:27 PM
They tell me at least by the 3rd week of March.  ... View more

Re-evaluating current structure

by in General Topics
‎03-05-2013 07:04 PM
‎03-05-2013 07:04 PM
I am currently managing users via AD groups but need a more granular approach.  I recently added a BYOD device manager to my network.  It divides my 2 main groups using a specific IP range.  If I use this method to manage users I will probably have to reset all my policies.  My question is should I start by blocking all processes then open just what we need.  Which rule should go first? I have Students and faculy-Staff Faculty-Staff can have network access, printers etc.   social media, streaming media, Netflix etc Students with Auth machines can have network share access No Social Media, games, (all the usual blocks)  limited (QOS) streaming media, no Netflix, Hulu TV. What rules should I start with ... View more

Re: PANOS 4.1 vs 5.0

by in General Topics
‎03-05-2013 10:43 AM
‎03-05-2013 10:43 AM
Second that ... View more

Re: I extended an IP Range and now I cannot see those user-ids in the monitor.

by in General Topics
‎03-05-2013 07:51 AM
‎03-05-2013 07:51 AM
Confirmed all of the above.  I fixed the problem and no one even touched on it. Reverse DNS look-up.  If you use Windows DNS you have to make sure there is a reverse DNS look-up for the designated IP addresses.  Once I set that us the data started filtering in slowly but surely.  Riddle solved folks.  ... View more

Re: PANOS 4.1 vs 5.0

by in General Topics
‎03-05-2013 07:43 AM
1 Kudo
‎03-05-2013 07:43 AM
1 Kudo
Definitely not!  There is a bug in 5.02.  I had to roll mine back.  The bug caused the device CPU to hit 100% after a day or two and the only fix is restarting the management console.  The after effect there caused me to restart my device.  I am told by support that 5.03 has a fix for all that. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎06-20-2017 02:58 PM
Latest Tags
No tags yet
Likes Given To
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks