Dear Team, I have a question: do you recommend putting Zone Protection on the zone which I have for GP? I am using a loopback external IP for the connection, and in the GP zone I have added the tunnel interface. I just want to understand if it is best practice to put Zone Protection on this zone. Thanks
Hi, I have set up GlobalProtect and I want to use it with an LDAP authentication profile. It works fine; however, when I add a specific AD group in the auth profile so that only users in the group are allowed to connect to the VPN, it doesn't work. Sometimes, even with a specific group added, other users can connect to the VPN, or it doesn't allow anyone to connect. I have already added the groups from the User Identification tab and group mapping. Through the CLI I can see the members of the AD group. I am not sure if this requires a licence, as I am doing this in a lab and the licence has expired. Any advice on this, please.
Hi, I am trying to set up RADIUS authentication with PA. I have set up EAP (PEAP) and EAP-MSCHAP v2 on the Windows RADIUS server. However, I can only log in to the firewall using PAP. I have tried to import the certificate from the RADIUS server, but I am not sure why I can't use the EAP or MSCHAP options. Please advise, as I am not sure if I am exporting and importing the certificate correctly. Thanks
I had a similar issue where I have a main rule to allow FaceTime, iTunes, etc. For some reason, even though I had stun added to the same security rule, it was getting denied by the default rule. So what I did was create another security rule on top and add the stun app separately, which fixed the issue. Maybe you can try this.
Hi Ahemd, Yes, please explain a bit more. Also, it is best to start by checking all the configs again; there must be something you have overlooked or missed. I am sure the mgmt profile is attached to the interface and ping is allowed. You can also try a traceroute from the problem server and see where it stops. Thanks.
Hi, I want to know if there is a way to forward all switch traffic to a single destination port on the Palo Alto. So far I can find that on the switch side you can make a single port the source and the PA port the destination. I just want to know if we can monitor all ports on the switch. Thanks