Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- ›
- About mvrijsten
About mvrijsten
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
2 weeks ago
6Posts
0Likes
0Solutions
Jan 12, 2021Last Visited
User
Activity
User
Profile
Latest posts by mvrijsten
| Subject | Views | Posted |
|---|---|---|
| 107 | 2 weeks ago | |
| 152 | 11-22-2020 11:25 PM | |
| 246 | 11-18-2020 12:57 AM | |
| 235 | 11-04-2020 05:38 AM | |
| 307 | 11-02-2020 10:53 PM |
User Badges
Public Statistics
| Date Registered | 02-12-2020 11:54 PM |
| Date Last Visited | 2 weeks ago |
| Total Messages Posted | 6 |
2 weeks ago
Hi, We are using SSL Decryption and I only allow SSL traffic for specific URL's and categories which are excluded from SSL Decryption. Palo Alto has it's predefined list with SSL Decryption Exclusions (Device > Certificate Management > SSL Decryption Exclusion). From time to time I go to a website and it is blocked because: - It is predefined in the SSL Decrypt Exclusion list - And it is not allowed by a security rule So now I have a URL Category with a URL List and I have to add this URL manually when I want this site to work. Of course this happens for every URL in the SSL Decrypt list. Since this is the case, it would help if there was a URL Category List which I can use in a security rule which automatically contains all URL's from the SSL Decryption Exclusions list. Is there such an object by default or a way to generate dynamically so it is always in sync?
... View more
11-22-2020
11:25 PM
Thanks, that does indeed seem to be the issue. Is there a KB for this to see what URL's I should exclude from decryption?
... View more
11-18-2020
12:57 AM
We are rolling out SSL Decryption for a group of test users and we run into an issue with PowerBI Desktop. When we try to login in PowerBI Desktop it fails and shows that it cannot setup a trusted SSL/TLS connection for the sign in. I am looking into my decryption logs, but I cannot find any issues with URL's that might have something to do with PowerBI so I don't know what to exclude to fix this. When I disable ssl decryption, it works OK right away. Is anybody familiar with this issue or able to point me into the right direction to troubleshoot this?
... View more
11-02-2020
10:53 PM
@BPry , Yes that is correct. I am trying to ping the WAN IP. But as a check, I just also created a Dest. Nat rule to a internal webserver on this IP and that also does not work. Same issue is happening, so it does not seem to be the issue that it is the WAN IP I am trying to ping. Otherwise it should work with the NAT rule right?
... View more
11-02-2020
06:15 AM
We are running PanOS-10.0.2 on our PA-220 and we are having an issue with a PBF rule which seems to be denied even though it should match the traffic. The setup: 2 WAN interfaces: Primary = PPPoE interface on ETH 1/5. Route is added to router when PPPoE is online with metric 10 Secondary = "Normal" interface on ae1.100. Static route is in router with metric 20 For this example, I will use the IP's 1.2.3.4 for Primary and 5.6.7.8 for secondary For both interfaces ping is allowed and there is a PBF rule added with Enforce Symmetric Return: Primary WAN is working fine and failover is going as expected as soon as the PPPoE goes offline. Only issue is when both WAN are online, a ping to the secondary WAN is not working. What happens is: Ping from random WAN IP to 5.6.7.8 No response is received Packet trace shows that the reply is sent over eth1/5 with 5.6.7.8 as source IP Because of the PBF rule I would expect the reply to use the same interface, but instead it seems to ignore this and use the route with lowest metric. Anyone around who has an idea why this is not working?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
2 weeks ago
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
