This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About Arne-VDH

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Arne-VDH
‎04-24-2024
since ‎01-06-2016
L3 Networker
User Activity
User Profile
Latest posts by Arne-VDH
View All
My Liked Posts
View All
User Badges
Community Statistics
Member Since ‎01-06-2016 06:00 AM
Date Last Visited ‎04-24-2024 06:23 AM
Posts 51
Total Likes Received 3

GP prompts for internal gw connectivity

by in General Topics
‎03-04-2020 03:08 AM
‎03-04-2020 03:08 AM
Hi all,   I've deployed a GlobalProtect installation solely for the purpose of User-ID. The GP agent connects to the internal portal/GW (one box) upon login with Kerberos SSO. However, when the internal gateway is not reachable (user has no network, user isn't on-prem), the GlobalProtect Agent notifies the user about this (no network / can't reach GW). Does anyone know how I can supress this warning?   ... View more

Re: Check Point R80.10 import / show package

by in Expedition Discussions
‎06-12-2019 04:15 AM
‎06-12-2019 04:15 AM
I checked and the file is indeed incorrectly formatted to JSON standards, but after running the export again, and then again on a completly other R80.10 management server, I found those were also incorrectly formatted to the standards -and hence would be 'normal'... Are you willing to take a look at it? I know the feature is in beta though. ... View more

Check Point R80.10 import / show package

by in Expedition Discussions
‎06-09-2019 08:45 AM
‎06-09-2019 08:45 AM
Hello,   Has anyone managed to get a R80.10 import completed based on the show package output? I've got the import of the address objects/services/.. but only the global access policy layer seems to get imported. They are present if I look at the contents of the json/html files inside of the package though. If I try to import the .json rulebase using the R80 import tab it reads a syntax error, malformed JSON. Any known tricks to get the others imported as well? ... View more

Re: How to update the policy in a project

by in Expedition Discussions
‎10-10-2018 03:26 PM
‎10-10-2018 03:26 PM
Then AFAIK you need to base your project on the Panorama config (and import the panorama configuration), not the firewall configuration. The Panorama pushed policies are not present in the firewalls running-config.xml or candidate config either, so it's logical the expedition tool can't retrieve them either. Vice versa, you will push your changes using API calls to Panorama and from Panorama to the device. ... View more

Re: Can't upload a Fortinet config file

by in Expedition Discussions
‎10-10-2018 02:50 AM
‎10-10-2018 02:50 AM
HW platform, chassis, cloud platform? I just dumped in a relatively complex config in the Expedition tool and it read it fine here (v106)... ... View more

Re: How to update the policy in a project

by in Expedition Discussions
‎10-10-2018 02:43 AM
‎10-10-2018 02:43 AM
Have you gone, outside of a project, to devices -> choose your device -> contents -> "retrieve contents" & save first? ... View more

Re: Change severity of updates - email warnings

by in General Topics
‎06-09-2016 03:43 AM
‎06-09-2016 03:43 AM
Then I'm at least not blind missing the option, I will & thanks! 🙂 ... View more

Change severity of updates - email warnings

by in General Topics
‎06-09-2016 12:56 AM
2 Kudos
‎06-09-2016 12:56 AM
2 Kudos
Hello,   Does anyone know if itis possible to change the severity of some email alerts? Like I don't know why saying app&threats/wildfire is updating every 15 minutes is categorised as severity "high"..   Kr, Arne ... View more

Re: Per port session TTL

by in General Topics
‎05-27-2016 06:15 AM
‎05-27-2016 06:15 AM
Exactly what I was looking for, thank you! 🙂 ... View more

Duplicating a rulebase for App-ID adoption

by in Automation/API Discussions
‎05-25-2016 05:42 AM
‎05-25-2016 05:42 AM
Hi,   For App-ID adoption in a pretty critical environment, we would like to duplicate each and every rule right above itself. Not a duplication of the entire rulebase above or below the rulebase. This would make it easier to compare the app-id rule with the non-app-id rule, allowing a riskless app-id migration. What would be an efficient way to do this, apart from clicking 7000*2 times? 🙂 Cloning a rule is possible, but when multi-selecting rules it would place all 7000 rules below or above the existing 7000 rules...   Kr, Arne ... View more

Per port session TTL

by in General Topics
‎05-25-2016 05:32 AM
‎05-25-2016 05:32 AM
Hi,   Am I correct when I state that a PAN firewall cannot set different timeouts per used port? Fortigates and Junipers seem to have this option, where they can set their defaults and specify -if required, for certain ports. On a PAN device, I don't think I'll have this option to do so, without prolonging them for all services and impacting more than I would like to see..   Kr, Arne ... View more

Re: Firewalls accessing Panorama: best practice

by in General Topics
‎01-21-2016 02:41 AM
‎01-21-2016 02:41 AM
Hi  Tom,   Thanks for your reply, I hadn't found that button yet. I'll figure the rest from here, thanks! ... View more

Re: Allowing Lync: enabling SSL decryption blocks it

by in General Topics
‎01-10-2016 07:31 AM
‎01-10-2016 07:31 AM
Actually, I tried that ("As a test, I added a no-decrypt rule for MS/Lync URL's, but that doesn't really make a difference.") using the list of URL's & IP addresses at: https://support.office.com/en-gb/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-GB&ad=GB#BKMK_LYO   But it still seems to fail on session age-outs.. ... View more

Allowing Lync: enabling SSL decryption blocks it

by in General Topics
‎01-09-2016 08:40 AM
‎01-09-2016 08:40 AM
Hi,   In a test setup I'm trying to allow MS-Lync while SSL decryption is enabled. I've got a general rule to enable SSL Decryption with the proper certificate installed on the clients end. In my security policies I've got a rule to allow Lync based on App-ID. Lync however refuses to even sign in.   The only thing I have noticed that DNS requests seeem to age out for a to me unknown reason:   As a test, I added a no-decrypt rule for MS/Lync URL's, but that doesn't really make a difference.   As soon as I disable the decryption rule, all works fine (but of course allows more than I would want). How can I exclude lync from being decrypted, or even better, how do I get Lync to get through with decryption enabled?   On: https://live.paloaltonetworks.com/t5/Configuration-Articles/List-of-Applications-Excluded-from-SSL-Decryption/ta-p/62201 there is a comment at the bottom from someone stating the issue that Lync is failing when SSL decryption is enabled, but he refers to a broken link. Any suggestions? ... View more

Re: How to setup no decrypt for Office365 and Lync

by in General Topics
‎01-08-2016 08:27 AM
‎01-08-2016 08:27 AM
Quick bump, have you verified this solution? Specifying the MS URL's in the no decryption policy to allow Lync?   Am I correct that when using App-ID (for MS-Lync), SSL decryption will be required (and probably eating up a lot of my available sessions)? If so it would seem pretty obvious to use the MS URL's and let App-ID be for what it is, or what other disadvantage am I missing? ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎04-24-2024 06:23 AM
Likes From
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks