About bradk14

was it working for a while and then went to the portal? it may be that the association timed out and a WMI probe or a security related event didn't occur within that timeout time frame. ... View more

is it possible you don't have all of the AD servers defined in the UID agent? ... View more

there is no 8.1, the current version is 8.0.1 and I don't believe you'll have much luck finding anyone encouraging you to update to it just yet, although it does appear to be fairly stable.   I'd recommend going to 7.1.9 and you shouldn't have an issue if the other end is on a PA with 7.1.x, as one side is always going to be a lesser version until they're all upgraded. ... View more

honestly, I'd strongly consider just rebuilding them manually within PA.   nothing automated as far as I'm aware, but I'm sure it's technically possible with the API. Even the migration utility skips VPN migration, in part because by default the pre-shared key is masked when submitting the show run. ... View more

@Brandon_Wertzapologies if my point wasn't clear. I'm not disparaging or questioning the use of multiple providers, I was just trying to streamline the question. Whether you have 1, 2, 3 or 5 or more ISPs, the process should be the same. You shouldn't have to rely on each PA in an HA pair to be responsible for a single ISP connection, especially when you are setting out to have an Active/Active configuration just to accomplish it. The process should be the same for as many external connections as you may have and that's to use that switch before the firewall to be able to 'split' the connections and leave the passive firewall's ports disabled. ... View more

if it's possible, I haven't figured it out. best advice I can find is to add the description column so it's displayed in the policy list and just visually identify any rules that don't say 'none' in that column ... View more

if I am understanding the question, we can actually simplify it to a single ISP. I mean basically you want each firewall to be able to leverage having two available ISPs, correct? in that case, your approach would be the same as asking how you would configure a single ISP to work with a firewall pair in HA.   and I believe the response would be to have an intermediate switch (or two depending on your desire for switch HA), so that the ISP is plugged into one port and each PA is plugged into another port (for a total of 3), and then just scale that up for 2 ISPs (likely private VLANs on the switch for each set of 3 ports).   if that makes sense. i've had a day, so my brain is fried anyway. that's my excuse.   ETA: You will be warned and very well educated to try to avoid putting PA in active/active unless absolutely mandatory, such as in the case of resolving asymetric routing issues. ... View more

okay, sorry, you had me confused as you said untrusted interface which I took to generally be the internet. ... View more

forgive me if I'm way off base here or missed something, but just taking a step back...   is the trusted IP a public IP? or do you have a destination NAT rule configured so that the outside can reach it?   is your security policy configured correctly? i.e., post NAT security zones (which sounds correct), but pre-NAT IPs (so your destination IP should be the inside IP, not the public IP).   Can you share your NAT and Security policies?     ... View more

I believe the redirect was just an example. you have all of javascript at your disposal (assuming the client browser is running javascript), so you can make it as complex or as simple as you wish.   but if you do take the redirect approach, yes, you'd have to provide your own server/sever side scripting. ... View more

it wouldn't be free, but probably the easiest approach is to install a PA VM in AWS and just pay for the time it's running. ... View more

right in the lower right hand corner is an option to change the number of entries shown per page         ... View more

if you want to create policy based on full URLs, you need to have SSL decryption in place. ... View more