Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
a week ago
8Posts
4Likes
1Solution
Oct 15, 2020Last Visited
User
Activity
User
Profile
Latest posts by rajjair
| Subject | Views | Posted |
|---|---|---|
| 124 | 2 weeks ago | |
| 114 | 2 weeks ago | |
| 1904 | 04-07-2020 08:08 AM | |
| 3453 | 04-06-2020 10:33 PM | |
| 2438 | 04-01-2020 08:10 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 04-07-2020 08:08 AM | |
| 2 | 04-06-2020 10:33 PM | |
| 1 | 03-25-2020 10:31 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 |
User Badges
Public Statistics
| Date Registered | 08-12-2019 03:32 PM |
| Date Last Visited | a week ago |
| Total Messages Posted | 8 |
| Total Likes Received | 4 |
2 weeks ago
On the User ID agent you can create an exclusion for the IPs that you are using global protect agent for as that can be used as user id at the authentication time and no rely on the DC to get user id vpn users also. That is what we do we exclude the IP subnet on the user id
... View more
2 weeks ago
I have experienced a lot issue with GP client and install issue when doing upgrades. I moved to script based install where we trigger an uninstall of the client. Clean the folder and regkey and the perform a fresh install.
... View more
04-07-2020
08:08 AM
1 Kudo
Karthik, Would be interested to see how that option goes when configured under the app agent... did you just put the domain url in there of you had to type in http://<website> For me adding that domain to split tunnel did not resolve the issue, it only worked once i added to pre-logon policies. RJ
... View more
04-06-2020
10:33 PM
2 Kudos
Hi All I had the similar issue and was able to to trace it down NCSI causing the problem, the probe HTTP was failing for me. You can check windows event logs to see if you are facing the same issue - Microsoft-Windows-NCSI/Operational This is logged in the event it was failing: Capability change on {57a83755-d89b-4a01-a72d-d4786875d856} (0x6008009000000 Family: V4 Capability: None ChangeReason: ActiveHttpProbeFailedButDnsSucceeded) I need to allow "www.msftconnecttest.com" this site access in pre-logon policy. For more info check this blog https://support.microsoft.com/en-us/help/4494446/an-internet-explorer-or-edge-window-opens-when-your-computer-connects https://www.ghacks.net/2014/02/07/disable-customize-windows-internet-connection-test-improve-privacy/ https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc766017(v=ws.10)?redirectedfrom=MSDN I hope this helps fix your guys issue RJ
... View more
04-01-2020
08:10 AM
Hey All If the application process is located in the user profile directory and would like the ability to use that application for exclude and include then please have your SE vote for this feature request FR#11579 Currently GP client does not support the ability to white-list process id located in the user profile directory. Example application is Microsoft teams Thanks RJ
... View more
03-25-2020
10:31 PM
1 Kudo
Hi MickBall That is what I had and observed also, in the palo traffic logs i could see ms-teams app coming for VPN users. Before I found this forum I had also opened a ticket with support on this issue as wanted a way to confirm traffic for sure is being split or not. What they informed me applications sitting in user context is not supported at this time. I would prefer to use Process ID then IPs as IPs can change and keep config up to date without any automation and checking for changes ---- Here is what the TAC mentioned to me ---- " The full path of the application to be included from the tunnel is currently only resolvable in PanGPS context for windows it is system service context. While for Mac, it is root context in prelogon and user context after user logon. Currently you have the following path %USERPROFILE%\AppData\Local\Microsoft\Teams\current\Teams.exe In order for PanGPS to resolve the path you will need to shift the path to a system service context as opposed to a user context as shown in the example below, "%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe" Other customer requested us to improve this path issue and submitted it as a feature request. But it has not been implemented yet. So we suggest to avoid this issue by routing. Add routes to exclude from the VPN tunnel. These routes are sent through the physical adapter on endpoints rather than through the virtual adapter (the tunnel). "
... View more
03-25-2020
11:25 AM
Thanks for that.. I am curious have you tried doing split tunnel based on process name exclude-applications [ "%PROGRAMFILES(X86)%\VMware\VMware Horizon View Client\vmware-view.exe" "%PROGRAMFILES(X86)%\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe" "%PROGRAMFILES%\Microsoft Office\root\Office16\OUTLOOK.EXE" %LOCALAPPDATA%\Microsoft\Teams\current\Teams.exe]; Raj
... View more
03-25-2020
08:25 AM
Hi Goran Are you able to share you configuration.. we are trying to split the o365 traffic want to ensure we are configuring it correctly. Teams traffic for us is still going through the tunnel.. Did you do any split tunnel using process or all domains RJ
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
a week ago
|
Latest Tags
No tags yet
Latest Blogs
Copyright 2007 - 2020 - Palo Alto Networks
