About sgoethals

Hi Everyone,   I have an issue that I haven't been able to resolve.  I have a small domain setup with a Windows Server Update Service that is located in a DMZ.  The machinges that are in the inside network (trusted), are setup to pull their Windows updates from the server in the DMZ.  I have setup Group Policy to make this happend, and it works fine for all of my servers.    The issue is that I have a Windows 10 machine that refuses to connect to the WSUS server. The same group policy is applied and when I look at Monitor, I can see attempts to connect to the server over port 8530 ( Default Port), but the traffic is identified at web-browsing instead of ms-update.     Since 8530 isn't a standard port for web-browsing, the traffic isn't allowed.  I know I could always setup an application override, but I shouldn't have to.  I cannot figure out why this particular machines traffic is recognized as web-browsing instead of ms-update.   If anyone has any suggestions, I would like to hear them.    Thanks ... View more

Hi,   I am setting up a  new Windows 2016 server that will host RDS.  I have installed TS-Agent (8.0.12).  No issues installing, however, the service won't start.   I am receiving  receiving the following:   The PAN TS Service failed to start for the following reason: Windows cannot verify the Digital Signature for the file. A recent hardware or softrware change might have installed a file that is installed incorrectly or damaged or might be malicious software from an unknown source.   Has anyone else seen this or no of a work-around other than disabling signature checking on files.   Thanks for the help.     ... View more

I am trying to configure OCSP and I am a little confused.   I have added an OSCP responder.    It appears the second step is to allow the Firewall to use it by configuring Device-Management->Interfaces.  However, for most of my settings, I am using a Service Route Configuration  and I don't see HTTP OCSP listed as an option in Service Route.  Is there a way to tell the firewall to use a service route instead of the management interface?   I also see references online (albeit old) that indicates I need to turn on HTTP OCSP for an Interface Management Profile that is used for a specific interface.  If this is the case, what interface should be used?   Could someone provide me with some guidance?     Thanks, ... View more

Does anyone know if the VM50 is supported on Windows Server 2016 Hyper-V?   I have downloaded the PANOS 8.0  Vhdx file and installed it based on the Server 2012  R2  Guidelines,  but every time I try to start the VM, I receive a message the virtual machine failed to change states.   I've verified my CPU, Memory and Network settings, and can't figure out why it won't start.   Thank for the assistance.     ... View more

I have a pretty good understanding of the difference between SRC and DST Nat, but there is one area that I could use some clarification on.   With SRC NAT, I understand that by selecting BI-Directional, it allows an IP to be translated to an outside address and that Bi-Directional created an implied policy so that someone on the outside could initiate traffic back to the machine from the outside.  It sounds like a good use case would be when the inside machine needs access to the outside and also requires the ability for someone on the outside to connect to it.   Wit DST NAT, I understand that it uses both the untrust (outside) zone for both the source and destination  Zone and that you use a translated address to get it to the proper machine hosted in another zone.  My question is does the use of DST NAT still allow the machine/server to originate traffic outbound?  For example, if you used DST NAT to provide access to a machine in a DMZ,  can that machine initiate traffic to the outside, or does it only allow inbound traffic?   I appreciate any feedback you can provide.   Thanks. ... View more