LIVEcommunity - About umar00o

umar00o · ‎03-13-2020

Hi Batd2, Thank you very much for the clarificatoins. Thanks

umar00o · ‎03-12-2020

Dear Team, I have a question do you recommend putting Zone protection on the Zone which I have for GP. I am using loopback External IP for the connection and in the GP Zone I have added the tunnel interface. Just want to understand if best practice to put zone protection on this zone? Thanks

umar00o · ‎03-04-2020

Hi MickBall I am going to give this a try and update here.

umar00o · ‎03-02-2020

Hi I have setup Global protect and I want to use it with LDAP Authentication profile. It works fine however when in the auth profile I add a specific AD group so only users in the group allow to connect to VPN it doesn't work. Even sometime with specific group added others users can connect to the VPN or it doesn't allow anyone to connect. Already added the groups from User Identification tab and group mapping. Through CLI I can see the member of the AD group. Not sure if this requires a licence as I am doing this in a LAB and licence has expired. Any advice on this please.

umar00o · ‎03-02-2020

Hi OleksM, We both having same issues. Thanks

umar00o · ‎03-02-2020

Hi, Thanks for your reply, well I think I am doing it correctly. Any one has a guide with images which I can use?

umar00o · ‎03-01-2020

Hi, I am trying to setup Radius Authentication with PA. I have setup EAP(PEAP) and EAP-MSCHAP v2 on the windows radius server. However I can only login to the firewall using PAP. I have tried to import the certificate from the radius server but not sure why I can't use the EAP or MSCHAP options. Please advice as I am not sure if I am exporting and importing the certificate corretly. Thanks

umar00o · ‎02-21-2020

I had a similar issue where I have a main rule to allow Facetime, itunes etc. For some reason even I had stun added to the same security rule, it was getting denied by the default rule. So what I did was created a another security rule on top and added the stun app seperately which fixed the issue.May be you can try this.

umar00o · ‎02-20-2020

Hi, I have a quick question which certificate do we need for Global protect VPN? Thanks

umar00o · ‎02-11-2020

I see, Thank you very much I'll try this in a lab and see how it goes. Thanks

umar00o · ‎02-11-2020

Yes worth giving a try to block .mp4 as inside tubemate you can downlaod files from alot of websites i.e.facebook, youtube, insta etc.

umar00o · ‎02-11-2020

Hi Ahemd, Yes please explain bit more. Also best to start checking all the configs again there must be something you have overlooked or missed. I am sure mgmt profile is attached to the interface and ping is allowed. you can also try traceroute from the problem server and see where it stops. Thanks.

umar00o · ‎02-11-2020

Hi, I want to know if there is a way to forward all switch traffic to single Destination port of Palo alto. So far I can find on switch side you can make a singel port source and destination the PA port. Just want to know if we can monitor all ports on the switch? Thanks

Member Since	‎08-01-2019 12:28 AM
Date Last Visited	‎03-16-2020 06:14 AM
Posts	13

Online Status	Offline
Date Last Visited	‎03-16-2020 06:14 AM

Re: Zone Protection on GlobalProtect Zone

Zone Protection on GlobalProtect Zone

Re: Global Protect Authentication Profile

Global Protect Authentication Profile

Re: Microsoft Radius Authentication with PA

Re: Zone Protection on GlobalProtect Zone

Zone Protection on GlobalProtect Zone

Re: Global Protect Authentication Profile

Global Protect Authentication Profile

Re: Microsoft Radius Authentication with PA

Re: Microsoft Radius Authentication with PA

Microsoft Radius Authentication with PA

Re: URGENT: Custom Application issue.

Gloabl Protect VPN Certificate

Re: TAP Mode

Re: Block Tubemate app (Youtube Downloader)

Re: reachability issue to PA FW interface vlan

TAP Mode

Network Security

Cloud Security

Security Operations