This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About ajripa
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About ajripa
08-18-2015
10Posts
0Likes
0Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by ajripa
| Subject | Views | Posted |
|---|---|---|
| 2639 | 02-26-2012 10:46 AM | |
| 3520 | 07-20-2011 04:22 AM | |
| 2388 | 03-27-2011 10:18 AM | |
| 2070 | 03-01-2011 01:50 AM | |
| 2989 | 03-01-2011 01:49 AM | |
| 2916 | 02-28-2011 02:17 PM | |
| 2070 | 02-22-2011 12:02 AM | |
| 2549 | 02-21-2011 04:46 AM | |
| 2989 | 02-11-2011 02:33 AM | |
| 3865 | 02-10-2011 02:45 AM |
User Badges
Community Statistics
| Member Since | 02-08-2011 10:35 AM |
| Date Last Visited | 08-18-2015 09:07 AM |
| Posts | 10 |
02-26-2012
10:46 AM
Hi, We are trying to connect our PAN 2050 OS 4.0.9 to a couple of user-id agent version 4.1.3. The connection is not established and the agent logs reports: Device thread 1 SSL no certificate Device thread 1 reply ver 5 msg with max ver 5, msg type 6 Failed to read message msg header. error -1 Device thread 1 SSL shutdown The PAN "show user userid-agent statistics" reports: Connection : Not Connected Version : <Unknown> number of connection tried : 41788 number of connection succeeded : 0 number of connection failed : 41788 number of user ip mapping messages received : 0 number of user ip mapping add entries received : 0 number of user ip mapping del entries received : 0 number of ip msgs rcvd but failed to process : 0 number of status messages received : 0 number of request of ip mapping messages sent : 0 number of request of all ip mapping messages sent : 0 number of request of status messages sent : 0 Any clue? Thanks!
... View more
- Tags:
- user-id
- user-id_agent
Labels:
- Labels:
-
User-ID
07-20-2011
04:22 AM
Hi! I would like to customize the captive portal response page including some corporative images. However, if I link the images to an external server, I get warnings from the browsers because the entire page is not secure. Is there any way to upload the images to the PAN? Thanks!
... View more
- Tags:
- captive_portal
03-27-2011
10:18 AM
I had a Block_All rule defined for logging reasons. This rule overruled the default intrazone-allow-rule and avoided the properly working of the vpn portal page.
... View more
02-28-2011
02:17 PM
Hi guys, I'm trying to set up ssl vpn on PAN. I would like to know which security policies are necessary to make the portal work. My actual rule is: Source Zone: untrust Destination Zone: untrust Source Address: any Source User: any Destination Address: public ip Application: ssl, ipsec, panos-web-interface, web-browsing Service: application-default If I use "any" as service, the portal is shown, I can log in and the tunnel works, but using the above rule the portal doesn't work. Inspecting the log I can see that traffic is denied by the default block rule. deny untrust untrust addr.src addr.dst 22735 443 addr.src.nat addr.dst.nat 22735 20077 tcp web-browsing deny default_block Addr.src = addr.scr.nat Addr.dst = addt.dst.nat Somehow port 443 is mapped by some kind of nat to port 20077 so I suppose that I have to open it. Which port range should be opened? Thanks!
... View more
02-22-2011
12:02 AM
This link contains helpful information to address the issue. https://live.paloaltonetworks.com/docs/DOC-1260 Disabling tcp-reject-non-syn solves the assymetric routing problem. However, I am not sure about the security implications it could have. Thanks!
... View more
02-21-2011
04:46 AM
Hi guys, I have an issue I faced before with OpenBSD's PF Firewall but I am not able to solve with PAN. My topology is: INET ----- PAN ---- DMZ ---- Balancer ---- Balanced Servers | LAN The domain controllers for the DMZ domain are located in DMZ and their default gateway is PAN. The route to reach the balanced servers network is configured in PAN and I can reach the balanced servers network either from LAN and from DMZ. However, although I can ping from the domain controllers in the DMZ to the balanced servers and viceversa, I am facing some validations issues. These issues dissapear when I configure a static route on the domain controllers to reach the balanced servers directly through the balancer. I know it's weird to go through PAN to reach balanced servers from DMZ, but I don't like adding static routes to servers. I could solve the problem with PF modifiying the stateful behaviour. Any idea?
... View more
02-10-2011
02:45 AM
Hello, After some days using a PAN Firewall, I've notice that some URL are incorrectly classified. Is there any way to modify the standar URL categories? Thanks,
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:07 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks