About Brandon_Wertz

So this is stemming from a security policy that I've since had changed, but in essence this was a FQDN drop, so a L3 drop.  The original intent was users wouldn't be getting a response page at all.  The security team didn't want "callbacks" to malicious domains so there was just a L3 drop rule for specific stuff.   I've since gotten this changed where these types of things are getting integatred into a L7 block so users would see a response page.   In short I'm trying to troubleshoot something that I don't foresee being a big issue moving forward, but I'm still curious to understand how understand the academic question of how can I see an "end-to-end" log of a single session so to speak from when a user tries to vist a single page without creating a specific user report. ... View more

*EDIT - Fixed the summary of the last two captures, they needed to be flipped*   So here's a PCAP from the FW the Rx stage and Drop stage from me going to the site.   Looking at stream 1 that's me trying to go to the site.  With the timehack of 15:31:40.123961     This is the drop stage where you can see continual request to the IP occuring at timehack 15:31:40.155869 which again is immediately after the inital web request.           This is looking at the Rx stage where you can see where the communication to the IP in question for the FQDN drops.  This is occuring on stream 20 at 15:31:40.155287, so after the "start" of the web request.       So does anyone have a good way to track in some sort of consolidated log without performing a report on a specific user every time this comes up? ... View more

No dice on that search query. ... View more

So here's the URL log view:     Unfortunately no where does this log say anything about an IP address or the FQDN block totally not associated with MSN that prevented this page from even loading. ... View more

I get what you're saying @Raido_Rattameister, but there's also an application "SSL."   Personally I'd rather be able to control policy down to the minute detail that I want to allow "Web-Browsing" w/o allowing access to "SSL" site.   So personally I don't mind where Palo is going here. ... View more

Exactly what I was looking for thanks @jdelio ... View more

I think someone missed something we they put together the release notes doc for GP 3.0 (2.3?)   ... View more

I understand the gripe, but can you not get the info you're looking for by looking at the statistics from the po/vPC? ... View more

Question for you guys...Other than the UI / asthetics are there any detractors over AnyConnect?   My company has around 3,000 remote users at peak, but typically around 1,500.  A great feature around the ASA is a function called CWS.  Essentially it allows us to cloud enable web content filtering.  With CWS we can allow clients to go "direct out" to the Internet w/o having to force all remote clients back to a corporate HQ get processed and then sent back out to the Internet.   Unfortunately CWS only works for HTTP(S) traffic.   With GP can we leverage PAN-DB and have users get filtered in the cloud as well? ... View more

@btrotter Also this may or may not be related to your issue.   Specifically my last post:   https://live.paloaltonetworks.com/t5/General-Topics/Dual-NIC-IP-Mapping-Issue/td-p/5936/page/2   regarding the whole Intranet settings and regristry settings that might need to be changed. ... View more

From CLI you can execute this command:   show user ip-user-mapping all type CP   and see all successful CP users.   From the GUI in the system logs you can use the follwing syntax:   ( description contains 'Captive Portal authentication succeeded' )      OR   ( description contains 'Captive Portal authentication failed' )   You can use these to help diagnose why some are working and some aren't. ... View more

@btrotter it's a PITA ... View more

Trust me I'm feeling froggy with all the extra features 7.1 has, but I prefer to keep my job.  So I sit and wait...waiting to play with the shinies...Begging for me to bring them out to play. ... View more

@brucegarlock Commits are great in 5060s.  hahaha ... View more