This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About reaper

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
reaper
‎02-26-2026
Cyber Elite
since ‎11-16-2010
Cyber Elite
User Activity
User Profile
Latest posts by reaper
View All
User Badges
My friends
Community Statistics
Name Tom Piens
Location antwerp
Personal web page https://PANgurus.com
Member Since ‎11-16-2010 12:55 PM
Date Last Visited ‎02-26-2026 03:44 AM
Posts 5,536
Total Tags 1754
Total Likes Received 1817

Re: Adding PA DR site globalprotect SSL-VPN gateway

by Cyber Elite in GlobalProtect Discussions
‎11-06-2025 12:59 AM
‎11-06-2025 12:59 AM
you don't need to add a portal component to the DR site necessarily. Clients will retain their configuration if the portal is down so they'll be able to connect to the DR gateway if the main gateway is down. You can set up the main gateway with highest priority and the DR site gateway with lowest priority so clients only connect to the DR when the primary is unavailable   if you want to be able to run a portal on the DR; you can configure it to be an exact copy of the main portal and change the DNS A record in case of extended outage ... View more

Re: Access problem Autoassist

by Cyber Elite in General Topics
‎11-06-2025 12:51 AM
‎11-06-2025 12:51 AM
I think that tool was abandoned a couple years ago. was it accessible recently? (haven't been able to access it for several years already) ... View more

Re: One portal, multiple gateways for different users

by Cyber Elite in GlobalProtect Discussions
‎11-05-2025 04:35 AM
‎11-05-2025 04:35 AM
Certificates are always checked first. Depending on your authentication preference (cert AND auth, or cert OR auth) will take priority and skip SAML, or will be required before going to SAML Combining both companies on the same portal would require the OR condition, so no SAML for C1   after that first hurdle, the different gateways can be set up by creating an agent profile with a config selection criteria set to for example user groups. tricky thing there is that the C1-certificate-only users wont be able to match a group so you'll need to set the C2 profile on top with the group selection criteria and the C1 profile below with no selection criteria ( which could lead to cross-contamination if a C2 user falls outside the group mapping !)    the above is messy, so might i propose you try something different?   you can run the same URL on different ports and then use destination NAT to run different portals on loopback interfaces   e.g. vpn.doamin.com:1443 -> DNAT loopback 172.16.0.1:443 vpn.doamin.com:2443 -> DNAT loopback 172.16.0.2:443   that way you can run 2 completely separate portals ... View more

Re: PAN-OS 10.2.17 HA A/P - Mgt interface reported as duplicate IP of data interface

by Cyber Elite in Next-Generation Firewall Discussions
‎11-05-2025 03:58 AM
‎11-05-2025 03:58 AM
did you make sure to set the internal dataplane interface to a unique ip with sufficiently sized subnetmask (e.g. 10.0.0.1/24) and the management interface on a different unique ip with identical subnetmask (e.g. 10.0.0.2 255.255.255.0) ? ... View more

Re: Please tell me how to check the license in SCM.

by Cyber Elite in Prisma Access Discussions
‎11-05-2025 03:54 AM
‎11-05-2025 03:54 AM
hi @y.saitou    You can find your subscriptions here: https://stratacloudmanager.paloaltonetworks.com/settings/subscriptions and here: https://stratacloudmanager.paloaltonetworks.com/overview?container=All&containerType=container   ... View more

Re: LGTV and Netflix bugs out when going through Palo Alto

by Cyber Elite in General Topics
‎10-17-2025 03:33 AM
1 Kudo
‎10-17-2025 03:33 AM
1 Kudo
since the issue starts the moment you install the latest content package, my first assumtion would be something changed in one of the decoders that is breaking your netflix/lgtv  if you roll back to an older content package, does that fix the issue again?   you may need to open a support case to have that investigated ... View more

Re: Connecting back to Panorama

by Cyber Elite in Panorama Discussions
‎10-17-2025 01:30 AM
‎10-17-2025 01:30 AM
Unless you ended up making a bunch of other changes, there shouldn't be an outage, simply recommitting the same config ... View more

Re: PA-450 and ATT BGW320-505

by Cyber Elite in General Topics
‎10-16-2025 06:04 AM
‎10-16-2025 06:04 AM
not entirely sure which options are available on the BGW320 in regards to traffic segregation (between internet link and wifi network) but i have a similar setup and have decided to keep things simple and use my ISP router simply as a "modem" and assign the public IP to the external interface of my firewall. i put my wifi AP behind the firewall and disabled wifi on my ISP router ... View more

Re: Proper User-ID Configuration

by Cyber Elite in General Topics
‎10-16-2025 03:47 AM
‎10-16-2025 03:47 AM
it depends where your userID information comes from how you should design redistribution   If any of your firewalls serve up globalprotect, you should set them as a source as well. most efficiently it would probably be to set up a hub-spoke model with panorama collecting and redistributing all user-id information   if your user-id information only comes from your AD/user-id agent, you can connect all firewalls directly to user-id agent ... View more

Re: Delete detected infected file

by Cyber Elite in Cortex XDR Discussions
‎10-16-2025 03:31 AM
‎10-16-2025 03:31 AM
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-3.x-Documentation/Search-and-destroy-malicious-files < - ... View more

Re: Connecting back to Panorama

by Cyber Elite in Panorama Discussions
‎10-16-2025 03:18 AM
‎10-16-2025 03:18 AM
make sure you add the new rules to panorama and then push the config making sure you enable 'force template values' else it won't work once all the panorama config is back, delete all the local rules ... View more

Re: Service Connection for Prisma Access Browser- How to ?

by Cyber Elite in Prisma Access Discussions
‎10-16-2025 03:13 AM
2 Kudos
‎10-16-2025 03:13 AM
2 Kudos
in the Configuration > NGFW and Prisma Access > Explicit Proxy > Security Services > Security Policy ensure you have a policy that allows connections from trust to trust also add policy to Configuration > Prisma Access Browser > Policy > Rules and lastly, ensure your SC remote peer has a route back into the SCCAN for infrastructure IP subnet as the inbound connections will be Source NATed to an infrastructure IP   that should be all you need to do ... View more

Re: PA has only one admin account with "device administrator" Role

by Cyber Elite in Next-Generation Firewall Discussions
‎10-16-2025 02:48 AM
‎10-16-2025 02:48 AM
if you're able to 'load' a previous config version, you can roll back to when the admin account still existed.    Device > setup > operations > load configuration version   ... View more

Re: Exclude only communications on specific port numbers from Global Protect

by Cyber Elite in General Topics
‎10-16-2025 02:39 AM
‎10-16-2025 02:39 AM
The path to split tunneling is in the gateway configuration: Network > Globalprotect > Gateways > <yourgateway> > Agent > Client Settings   In client settings you can configure the Config Selection Criteria so you apply this profile only to a user/group/all-users (as depicted in my previous screenshot)   in the Split Tunnel config you can then (If you have the GlobalProtect or Prisma Access Agent license) set an exclusion for an FQDN with a specific port:     ... View more

Re: flow_tcp_non_syn_drop - packet capture on this counter?

by Cyber Elite in General Topics
‎10-13-2025 02:36 AM
3 Kudos
‎10-13-2025 02:36 AM
3 Kudos
you can set packet-diag to track this counter   > debug dataplane packet-diag set log counter flow_tcp_non_syn_drop   you'll need to enable logging, keep track of your dataplane resources to make sure you're not overloading your system, and then once a few seconds have passed (assuming the rate in your pasted output is 62 all the time) disable logging again, aggregate your captures and then check the aggregated file   reaper@PA-440> debug dataplane packet-diag set log counter flow_tcp_non_syn_drop reaper@PA-440> debug dataplane packet-diag clear log log reaper@PA-440> debug dataplane packet-diag set log on Packet log is enabled. WARNING: Enabling of debug commands could result in network outage. Not recommended if dataplane CPU is above 60%. reaper@PA-440> reaper@PA-440> reaper@PA-440> reaper@PA-440> show counter global filter delta yes | match flow_tcp_non_syn_drop flow_tcp_non_syn_drop 52 2 drop flow session Packets dropped: non-SYN TCP without session match reaper@PA-440> reaper@PA-440> debug dataplane packet-diag set log off Packet log is disabled reaper@PA-440> debug dataplane packet-diag aggregate-logs pan_packet_diag.log is aggregated reaper@PA-440> less mp-log pan_packet_diag.log   ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎02-26-2026 03:44 AM
Likes Given To
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks