Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About lrangra
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About lrangra
09-24-2020
7Posts
0Likes
1Solution
Sep 24, 2020Last Visited
User
Activity
User
Profile
Latest posts by lrangra
| Subject | Views | Posted |
|---|---|---|
| 2516 | 09-24-2020 04:10 AM | |
| 2959 | 07-30-2020 01:02 AM | |
| 3216 | 07-18-2020 12:20 AM | |
| 2692 | 02-05-2020 04:01 AM | |
| 2804 | 01-28-2020 09:25 PM |
User Badges
Community Statistics
| Member Since | 08-09-2019 09:27 AM |
| Date Last Visited | 09-24-2020 04:15 AM |
| Posts | 7 |
09-24-2020
04:10 AM
We opened a case with TAC and the findings were: Problem 1: when the GP app running in Android container on a Chromebook managed by google admin console, my firewall sees a new serial I'd everytime it connects to firewall in Hip match logs even the host id is different. How can we make sure we use the unique mobile I'd to enforce the whitelist approach in Hip objects? Answer: Since the mode of deployment is kiosk mode for chromebook after reboot, a new container version will be created everytime. thus new serial number and host id. only the options given under Hip Object> General can be used. changing the mode to App mode at Google admin console will help. mobile id can only be used when we integrate with MDM. Problem 2: will this setup require a third-party MDM integration to enforce hip or can palo alto detect this without third party MDM integration. (Palo Alto only supports airwatch MDM integration) if we want mdm then we have to use airwatch. Problem 3: as per the 3rd party MDM compatibility matrix we only support Global-protect app deployment for andorid on a managed Chromebook using Google admin console. Will we be able to identify Chromebook based on mobile I'd? https://docs.paloaltonetworks.com/compatibility-matrix/globalprotect/what-features-do-third-party-mo... No we will not be able to. as the documents says only thing which is support is Global-protect app deployment. Problem 4: this below URL says we can enforce mobile I'd on a android running on managed Chromebook in step 5. However we are not able to and this contradicted above Matrix. https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/mobile-endpoint-management/s... Mobile id is only applicable when we have a MDM. currently only airwatch is supported.
... View more
07-30-2020
01:02 AM
yes the app gets uninstalled on reboot. since the app is running in Kiosk mode. it runs in a sandbox environment on managed chormebook.
... View more
07-18-2020
12:20 AM
Hi we want to deploy Global-protect app for Android on managed Chromebooks using Google admin console. Requirement: every device needs to be uniquely identified and then allowed. Kind of a device whitelisting for example Host id for windows. Problem 1: when the GP app running in Android container on a Chromebook managed by google admin console, my firewall sees a new serial I'd everytime it connects to firewall in Hip match logs even the host id is different. How can we make sure we use the unique mobile I'd to enforce the whitelist approach in Hip objects? Problem 2: will this setup require a third-party MDM integration to enforce hip or can palo alto detect this without third party MDM integration. (Palo Alto only supports airwatch MDM integration) Problem 3: as per the 3rd party MDM compatibility matrix we only support Global-protect app deployment for andorid on a managed Chromebook using Google admin console. Will we be able to identify Chromebook based on mobile I'd? https://docs.paloaltonetworks.com/compatibility-matrix/globalprotect/what-features-do-third-party-mobile-device-management-systems-support Problem 4: this below URL says we can enforce mobile I'd on a android running on managed Chromebook in step 5. How wever we are not able to and this contradicted above Matrix. https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/mobile-endpoint-management/set-up-a-mobile-endpoint-management-system/manage-the-globalprotect-app-using-a-third-party-mdm/deploy-the-globalprotect-mobile-app/deploy-the-globalprotect-app-for-android-on-managed-chromebooks-using-the-google-admin-console.html
... View more
01-28-2020
09:25 PM
Yes tag is created and i do see it in Objects>tags..its in vsys1
... View more
- Tags:
- tag i
01-24-2020
08:53 AM
So i am assuming you have enabled preempt on active firewall Then: The primary firewall, it will be passive waiting to preempt when links are back, though secondary has no internet either, so what happens here? So The secondary will take over as Active and there will be outage as it doesn't have a way out to internet. The secondary it takes over thought what happens here too (I haven't configured link and path monitoring yet on the passive firewall - should I do so)?till the time you dont have a readability from the second firewall there is no point in configuring ( you can do that by introducing a l2 switch in between internet router and both of the firewalls. Both firewalls are sitting there with no path to the internet. What happens here? If both the firewalls have path monitoring configured then they will play the Game of HA Dance(bouncing between each other) What happens with flapping in this case and not hard path link failure to both firewalls. Same as above Do I bother with virtual router path monitoring or rely on HA monitoring?We use VR path mointoring when we have 2 routes to a destination and we want to remove one when it goes down.in your case IFF you have 2 default routes out for internet (fro 2 ISP) then u can use that.
... View more
01-24-2020
06:41 AM
Hi, i am getting this error while adding tag to my address object ct. Tag is already created..
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-24-2020
04:15 AM
|
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks
