Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About LCMember4427
About LCMember4427
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
2 weeks ago
54Posts
3Likes
0Solutions
Jan 02, 2021Last Visited
User
Activity
User
Profile
Latest posts by LCMember4427
| Subject | Views | Posted |
|---|---|---|
| 168 | 11-03-2020 03:45 AM | |
| 4125 | 04-30-2019 09:00 AM | |
| 4142 | 04-30-2019 03:25 AM | |
| 4150 | 04-30-2019 12:25 AM | |
| 1415 | 04-30-2019 12:13 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 04-30-2019 09:00 AM | |
| 1 | 06-19-2018 01:08 PM | |
| 1 | 04-09-2013 12:24 AM |
User Badges
Public Statistics
| Date Registered | 02-08-2013 01:28 AM |
| Date Last Visited | 2 weeks ago |
| Total Messages Posted | 54 |
| Total Likes Received | 3 |
11-03-2020
03:45 AM
Hi We have had a VM-100 under VMWare 6.5 ESXi on a 32Gb Dell PowerEdge 2950 for a few years now. We serve a 250 students' high school with dorms so the FW works around the clock... Throughput has been ok with few complaints, but when I checked the monitoring on the VM this morning I saw that CPU load was alarmingly high. See screenshot below. My impression has been that the good ol' 2950 coped relatively nice but after having seen this I think it's time for an upgrade. What do you think..? What do you suggest as suitable new hardware for our VM-100 with 400Mbit/s fiber access and 300 users..? I dont want to buy a lot more CPU than the VM-100 in this scenario actually requires. So which CPUs and amount of memory should give us most bang for the bucks? Thanks a lot for comments 🙂
... View more
- Tags:
- vm-100
04-30-2019
09:00 AM
1 Kudo
Aaaaaahhhh. Now THAT makes sense. I just wonder why my consultants didn't tell me that a long time ago... Ok I understand that GP would be the way to go then. Does it exist a white paper or something which explains the settings to be done in a GP scenario like that? Can I have it switched off in normal production and only activate it on days with exams / tests? If yes, does it exist an elegant way to tell them 'Please use your GP client today'... ? This was revolutionary news. I really need to rethink my options now.... But thanks a LOT for explaining this. Now it all makes sense 🙂
... View more
04-30-2019
03:25 AM
I think the goal is to clear the IP user mapping ... not the sessions. The following commands can be used to clear the mapping: Does this mean that we have to do this manually once in a while to avoid problems like this...? Does this mean that the user mapping is a persistent list? Sorry for asking but I just need to know how this actually works and what actually triggers the CP auth dialog to fire... regards Tor
... View more
04-30-2019
12:25 AM
Thanks but we can take an example from this morning. We had no user mappings except a few teachers at the moment I switched on CP. Immediately when the students arrived the user mapping list was filled up. Now when I checked in traffic monitoring for IP adresses that went under the radar and did a show user ip-user-mapping on it, its user was <unknown>. For users that had received the CP auth dialog their IP address was correctly mapped to their user. Most of the students have a test now so I expect that I can't issue a clear user cache now? Are any of those user mapping caches persistent? When are they cleared (I assume we don't need to do a manual clear cache frequently..?)
... View more
04-30-2019
12:05 AM
We find that an increasingly number of students never get the captive portal auth dialog popping up once we switch on CP (when we are having a test or exam) for their subnet. The dialog pops up as expected for most of the students, but there are always a significant bunch that somehow never get the chance to authenticate, hence the FW classifies them as 'uknown users' and let them pass by our restrictive traffic rules. All computers are non-domain and from we started using PA-500 8 years ago this setup worked without any problem. Now we are using a VM-100 (currently on the latest v8). It seems that the number of non-authenticated clients augments little by little, but the problem don't seem to affect the same users each time we switch on CP. The user computers may have been in hibernation from before CP was switched on and / or they may have any browser open at the moment we switch on CP. However I thought that any http or https request issued after CP had been switched on would trigger the CP auth dialog to pop up, but apparently this is not the case. I have also tried issuing a 'clear session all filter from <class-zone>' but that does not help either. I am at a loss where to start tracking down this. Please pop in with tips or info on what mechanisms are triggered both on the fw and on the client computers when CP is switched on and where / what to test for in this case... It seems to me that something like this would be nice: while unknown/unauthenticated users exist when CP is active then kick up the CP auth dialog for each of them 🙂 Thanks in advance for help on this 🙂
... View more
- Tags:
- captive portal
- vm-100
04-29-2019
11:09 PM
Thanks a lot!
... View more
04-29-2019
03:47 PM
Great!! Thanks for mentioning this. Now I understand a lot more. Does it also exist a user-to-group mapping list? I use mostly groupnames in the security policies and in some tests I just conducted the mapped user does not get a hit on the policy using a usergroup he actually is a member of. This worked nicely before and I hope I can be able to fully track down what is going wrong now .-) regards Tor
... View more
04-29-2019
03:26 PM
Thanks for the info. As of the clear session all filter from <zone> .. can I also filter it further so it only targets a specific user or a user group? regards Tor
... View more
04-29-2019
03:10 PM
Thanks for your comments. I have the appropriate user agent communicating with AD and also security policies using group names to filter traffic. But the problem is that some clients slips through by some reason. Where / how can I see the list of these user-IP mappings? That might help me to see who is missing or when they get added...
... View more
04-29-2019
04:44 AM
Hi, I wonder if it is possible to create a run a user defined script from our VM-100's CLI. The script should switch Policies / Authentication / <my CP profile> to 'web-form' - and do 'clear session all filter from ClassNet ' If this is possible how do I switch on the auth policy and save / run the script from CLI? Thanks a lot for help on this regards Tor
... View more
- Tags:
- run script from cli
04-29-2019
12:32 AM
Hi, We use VM-100 at a high school and frequently we switch on captive portal to impose access restrictions for certain classes. We use AD group names in policies to target users. However, despite enabling CP it appears that quite a few students who are members of classes being restricted never get up the CP auth dialog. Hence they continue to have free access to the internet. I assume that this might be that CP is not popping up when they already have open browser sessions, OR if they just minutes ago have closed their computer so it has gone into hibernation and when they re-open it they can continue with their former sessions. Am I correct in assuming this? Please comment. Does it exist a way to have CP pop up its auth dialog for *everyone* from the moment CP is enabled so we can be sure that each user is treated via the appropriate policy according to the user's AD group membership? regards Tor
... View more
- Tags:
- captive portal
- vm-100
04-19-2019
03:45 AM
Hi, I have a VM-100 running the latest v8 under VMWare ESX 6.7. Should I expect any problems upgrading to v9? I have browsed the docs and found no red lights, but I just want to ask here in case I have overlooked something... regards Tor
... View more
03-01-2019
01:28 PM
Thanks 🙂 Just to be sure: There is *no way* to do the same from the web interface..? regards Tor
... View more
03-01-2019
11:39 AM
Hi, I need to list the host properties (CPU properties etc) recognized / used by my VM-100 which is running under vmware-esxi 6. I assume there are CLI commands which list such data..? It has currently 24Gb RAM and I consider upgrading to PanOS v9. The iron is a Dell PE2950. Anyone seeing problems in upgrading this oldie to v9? It's humming nicely on 8.1.6 now. Data plane CPU never over 25% Thanks a lot for comments 🙂 regards Tor
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
2 weeks ago
|
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
