This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

About JonHill

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
JonHill
‎05-06-2021
since ‎10-18-2018
L1 Bithead
User Activity
User Profile
Latest posts by JonHill
View All
User Badges
Community Statistics
Member Since ‎10-18-2018 02:34 AM
Date Last Visited ‎05-06-2021 10:59 AM
Posts 8

Re: User-ID Help

by in General Topics
‎02-09-2021 01:51 AM
‎02-09-2021 01:51 AM
Currently the Cache Timeout is set at 15 mins, I've read a couple of articles that this should be a lot higher and ideally half the DHCP refresh. I've also seen other articles that say if you're not using client probing it should be set at 600. Server log monitor is set at 2s and session read frequency is set at 10s. Any recommendations as to what these timers should be set at would be great? Thanks Jon ... View more

Re: User-ID Help

by in General Topics
‎02-08-2021 05:20 AM
‎02-08-2021 05:20 AM
Apologies for not replying sooner its been manic here and this is the first chance I’ve got to reply to your questions.   Thanks   Jon   What version of PanOS?                       9.08 Are you using samaccountname and userprincipalname?  Just samaccountname   Do you have the user-id agent parsing every single sec-event-log on every DC?               Yes Do you have "enable user-id" on for every internal zone?     No, just our two Trust zones, WAN and Internet. Do you use Terminal Services? If so do you have that agent in that environment as well? We don’t use Terminal Services in our environment but do use VDI. Are you using the same SPG for all rules or do you have multiple SPG's? Depending on your environment you can have one source subnet hitting a different policy /w a different SPG and URL filter if configured.    I have seen issues where a person is using a cached authentication in Windows when not connected to work via VPN and then attempts access which fails with the same type of error.     For testing I would use sites that are not super-trackers to see if the issue is as simple as all internal zones having user-id enabled. I would also check to see when it fails from the command line what it shows.    > show user ip-user-mapping all | match ken jhill@PHMDP01_PAN5250(active)> show user ip-user-mapping all | match jhill 10.170.38.229                                 vsys1               UIA     ulh\jhill                        867            867 10.130.239.12                                 vsys1               UIA     ulh\jhill                        868            868    Can the firewall get the updated ldap group membership?  Yes it can. > show user group list cn=blah.blah.f00   > show user group name cn=blah.blah.f00  It pulls back all the users in a group >show user group-mapping state Servers    : configured 4 servers               ... View more

User-ID Help

by in General Topics
‎11-30-2020 04:12 AM
‎11-30-2020 04:12 AM
In recent weeks we've had a problem reported where one minute a site will be accessible for instance Youtube and then it won't be and then it will and it goes on, after looking in the logs when  the connection to Youtube fails is when the log show no USER-ID when it works it shows a local USER-ID. We use an AD group for access to general internet and have this configured on the corresponding rule.   I've tried troubleshooting looking at various knowledgbase articles but haven't found any reason why sometimes USER-ID's are correct and and sites can be accessed and then othertimes they can't its also not happeing for all sites accessed at the sametime it may not work for Youtube but it will work for Google.   Can anyone give me any ideas why this might be happeneing? Thanks Jon     ... View more

Checkpoint Rule Import

by in Expedition Discussions
‎02-26-2020 06:39 AM
‎02-26-2020 06:39 AM
I've followed a number of articles to import our Checkpoint config into Expedition ready to import into our Palos but for whatever reason the Rules won't import, objects and NATs import fine but  the rules don't.   Our Checkpoint version is 77.30. I've followed https://live.paloaltonetworks.com/t5/Migration-Tool-Articles/Checkpoint-Different-Source-Files-Forma... for the migration tool which I've also tried but that fails to import the rules as well. The Rules are all in the rules.c file.   Can anyone suggest where I might be going wrong and how I can successfully import the rules? Any help would be much appreciated.   Thanks Jon ... View more

Connection Issues between servers

by in General Topics
‎07-05-2019 06:47 AM
‎07-05-2019 06:47 AM
I'm very new to PAN firewalls and are still learning as I go along, they've only been in a month or so and the only rule is currently set any any from the trust to untrust zones and vice versa.   We've got a couple of issues around some connections that traverse our 5250's (LAN to WAN and vice versa) but from the 5250's perspective its not seeing any traffic in the logs for the addresses in question, no deny drops allows nothing.   When we've done a packet capture from the servers on either end of the connection it shows the traffic leaving but its never seen on the 5250's. We've checked the routing and everything else in between but we've found nothing wrong.   Zone protection profile has been disabled.   Is there anything else that I can check to see if for one reason or another the 5250's are doing something they shouldn't to the traffic?   Any help would be much appreciated?   Thanks   Jon ... View more

Custom Report

by in General Topics
‎06-03-2019 02:08 AM
‎06-03-2019 02:08 AM
We deployed our 5520 recently between our LAN and MPLS connections and the reports from Panorama are great but I'd like to be able to create a custom SAAS report with specific source - destination traffic excluded from the report. Is this possible and if so how do I start building the report? Thanks Jon ... View more

Re: HA Link and Path Monitoring

by in General Topics
‎01-15-2019 12:42 AM
‎01-15-2019 12:42 AM
As you say it was down to the speed at which I re-enabled the interfaces that it had permanently stayed with the peer.   Is there anyway of changing these timers and where do I find them?   Thanks  ... View more

HA Link and Path Monitoring

by in General Topics
‎01-14-2019 05:32 AM
‎01-14-2019 05:32 AM
We've configured HA Active\Passive on a pair of 5250's running PAN-OS 8.1.5 and it works a treat and pre-emption also works as expected.   I've configured Link monitoring so if we get an HA failure if the trusted links fail which works and it fails over to the passive as expected but when the links come back it doesn't fail back again to the active unit.   Does Pre-emption work with Link and Path monitoring and if it does how is it configured?   Any help would be much appreciated.   Thanks   Jon ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎05-06-2021 10:59 AM
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks