About simsim

Hi, 1) You utilize a proxy server that is serperate from the Palo Alto deivce? yes  2) This was working and your Palo Alto is not a new install? yes  3) The after a set date 'just stopped' regardless of browser.   let's say two persons are using same chrome or firefox ,for one person it works, the other one it does not . And IE users almost it 's ok    Thanks   ... View more

Hi, This is the  vendor   requirement for wildcard .   This is their defenition of  wildcard    In the following, Regular refers to a certificate that is issued in the exact name of your EZproxy server (e.g., ezproxy.yourlib.org) whereas Wildcard refers to a certificate that is issued as *. followed by the exact name of your EZproxy server (e.g., *.ezproxy.yourlib.org). These form of certificate names are the two types that can be created from within the SSL configuration option provided by EZproxy.   ( we choose the above )       If you create a wildcard certificate outside of EZproxy that is a wildcard for your domain (e.g., *.yourlib.org) and if you are using proxy by hostname, you must edit config.txt and add "Option IgnoreWildcardCertificate" to indicate that your wildcard is not in the form EZproxy expects. If you do this, your wildcard certificate will behave as a Regular certificate, which includes providing browser warnings when https web sites are proxied.   Note on wildcard certificates: EZproxy expects the wildcard domain name to be specified with the CN element in the Subject field.  The non-wildcard domain should be specified as a DNS element in the Subject Alternative Name (SAN) field.   yyyy.com.proxy.mycompany.com here yyyy.com a site which reside outside  and proxy.mycompany.com is   proxy server fqdn    Thanks         ... View more

Hi, It's not facebook , I just was showing the error . I am getting this error in firefox , chrome  (ver 57).   Is there something  needed to verified from PA side  finally as per your expert opinion        Here what I am getting on the firefox    Your connection is not private Attackers might be trying to steal your information from yyyy.com.proxy.mycompany.com (for example, passwords, messages or credit cards). net-err_cert_common_name_invalid   Hide Advanced This server could not prove that it is yyyy.com.proxy.mycompany.com ; its security certificate is from *.proxy.mycompany.com. This may be caused by a misconfiguration or an attacker intercepting your connection. Proceed to yyyy.com.proxy.mycompany.com (unsafe)   proxy team blames PA : ) because of the sentence in the error message  "This may be caused by a misconfiguration or an attacker intercepting your connection."    Thanks   ... View more

Hi, I can't find anything in the log related with the url, the user getting an error like below  , I was assumming  PA doing something ,  I feel it like it happens after url filtering added in the policy .   Certificate seems to be ok .   What is your expert opinion    Thanks     ... View more

Hi,   Is there a possiblity  giving certificate error instead of giving  response page (from palo alto )  to the  End user  ... View more

Hi, Here is the error Your connection is not private error accessing You cannot visit the site right now because the website uses HSTS . I don't have ssl decryption policies . Any ideas Thanks ... View more

  Hi, I was talking about the above error    Thanks ... View more

Hi, Let's say a bot sending heavily from the inside network ,How the system statics can help to figure out ? Second thing ,Before we noticing the report ,How can we protect bot bringing down the pa? Thanks   ... View more

Thanks reaper,   I had botnet  in my network , and caused dataplace cpu hog ,  To avoid these kind of situation what we need to do ? Thanks   ... View more

Hi,     the deployment is active active ,   Both PA  was showing the same error before the seondary pa rebooting     HA Group 1: Local HA2 keep-alive up 04/15 14:57:47 HA Group 1: All HA2 keep-alives are down 04/15 14:57:39 HA Group 1: Local HA2 keep-alive down   04/15 14:57:39   after rebooting the secondary  showing the below logs  but the primary  showing  the same above .     HA Group 1: Local HA2 keep-alive down 04/15 18:24:40 HA Group 1: All HA2 keep-alives are down     04/15 18:24:40 HA Group 1: Peer HA2 keep-alive down I am monitoring the ha2  interface on switch side  , but there is no trace for link down status      Thanks     ... View more