About Jafar_Hussain

Dear All, I am facing some issue with DNS resolution. below is the scenerio.       I have Global Protect VPN setup. after connecting global protect, i will take RDP of some internal machine. RDP will take by host name example:- system1.abc.com resolved by IP address 192.168.1.15 system2.abc.com resolved by IP address 192.168.1.16 system3.abc.com resolved by IP address 192.168.1.16   working scenerio:- Client connect the global protect and will take RDP system1.abc.com the query will go first to the load balancer(192.168.1.100) and load balancer forward this query either DNS server1 and DNS server2 then i will get reply accordingly.   Issue:- some time what happen when i connect the global protect i am unable to take RDP by host name that time i checked by nslookup command the DNS server not able to resolved the query, for some time i am getting time out error.that time i checked i can take RDP by IP address. this issue is occur intermittently some time i can take RDP by host name and some time not.   important point:- - In the global protect gateway configuration i given the load balancer IP address (192.168.1.100). in this setting i put direct DNS server IP (192.168.1.10 and 192.168.1.20) but the same issue happening.     - No DNS proxy. - In the split tunnel i given all IP address for load balancer and both DNS server.   Troubleshooting:- - When i took the packet capture and run the global counter i can found the Paloalto drop some packets. below is the counter detail:-     - when i checked in the capture and found some time i am not getting the answer of the DNS query and Paloalto to drop the packet. - I removed the antispyware profile from the security policy. but still, i am facing the same issue. - PAN-OS version - 9.1.5 - I checked the RDP is working fine with a hostname without connecting global protect. - GP version - 5.1.3   Can anyone help me with this? ... View more

Dears,   I have created one custom response page(including image) that is for application block and URL block. example:- If someone wants to access a restricted URL or application the page should be displayed on the customer screen.   I can see, once I apply the custom response page in the URL block page and application block page. then access the HTTP traffic the page display was showing properly, however, while accessing the HTTPS site not able to get the response page. I have applied the SSL forward proxy decryption. and the traffic decrypted correctly.     Can anyone help me to achieve this?   ... View more

Hello, I have the below query, can someone explain this. While reviewing PowerShell command execution we encountered a scenario where PANGPS.exe file in the program files Palo alto installation folder was generating PowerShell commands. i want to understand the purpose of the execution of the PowerShell command along with the validity. Also we want to know that if disabled will there be any impact on the production environment? or where i can disable this.   The execution path and the PowerShell command are also highlighted below.   Execution PANGPS (signed by Paloalto)  --> PANGPHIP (Signed by Paloalto) --> 32bitproxy.exe (signed by OPSWAT, Inc. )-->  cmd Command (cmd.exe /S /C ""C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Get-AppxPackage | Where Name -match skydrive | Select-Object -Expand version" > "C:\Windows\TEMP\OPSBE4D.tmp" 2> "C:\Windows\TEMP\OPSBE4E.tmp")--> Powershell command   ... View more