Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About r24481
About r24481
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
07-15-2020
8Posts
0Likes
0Solutions
Jul 15, 2020Last Visited
User
Activity
User
Profile
Latest posts by r24481
| Subject | Views | Posted |
|---|---|---|
| 539 | 12-07-2017 12:30 PM | |
| 487 | 09-20-2017 03:50 PM | |
| 1488 | 04-27-2017 12:45 PM | |
| 1534 | 04-25-2017 10:29 AM | |
| 440 | 06-03-2016 11:04 AM |
User Badges
Public Statistics
| Date Registered | 05-09-2014 01:35 PM |
| Date Last Visited | 07-15-2020 03:13 PM |
| Total Messages Posted | 8 |
12-07-2017
12:30 PM
On our juniper firewalls we are using web authentication to restrict access to certain hosts and I would like to know if this is possible and how to on PA. The user hits a captive portal(webauth in juniper) that is boudn to an interface: set interfaces reth0 unit xxxx family inet address x.x.x.x/24 web-authentication https This presents a simple login page that requries two factor authentication wich then puts an entry into a local database. A policy then allows the traffic based on this. set security policies from-zone aaaa to-zone bbbb policy test match source-address subnetx set security policies from-zone aaaa to-zone bbbb policy test match destination-address web-auth-hosts set security policies from-zone aaaa to-zone bbbb policy test match application junos-https set security policies from-zone aaaa to-zone bbbb policy test then permit firewall-authentication web-authentication Authentication Profile set access profile TEST-ACCESS authentication-order radius set access profile TEST-ACCESS session-options client-idle-timeout 10 set access profile TEST-ACCESS session-options client-session-timeout 120 set access profile TEST-ACCESS radius-server x.x.x.x port 1812 set access firewall-authentication web-authentication default-profile TEST-ACCESS set access firewall-authentication web-authentication banner success "TEST Access Login Successful"
... View more
09-20-2017
03:50 PM
I am running BFD with BGP in a cluster(active/passive) and I am unclear on how to set up a failover of the firewall to the passive peer if BFD fails in order to bring up the BGP peer on other node. Any assitance would be appreciated.
... View more
04-27-2017
12:45 PM
I was not able to get this to work without putting a source nat policy in and after I put that in internet access is available. nat-type ipv4; from trust; source any; to INTERNET; to-interface ethernet1/1 ; destination any; service any/any/any; translate-to "src: ethernet1/1 x.x.x.x (dynamic-ip-and-port) (pool idx: 1)";
... View more
04-25-2017
10:29 AM
With the NAT VM no longer being required and you can assign a public address to NIC1 I have a question on the NAT process concerning only connectivity from resources to the interent. Do you need to configure a source nat policy or do you just forward traffic to 0.0.0.0/0 via a static route to the .1 address of the subnet on NIC1 and the Azure environment will do the translation? It is my understanding you only assign the public IP address to the VM NIC and do not assign this to an interface within the Palo Alto configuration? Thanks, Steve
... View more
06-03-2016
11:04 AM
We are doing a POC with NSX and have stood up the firewalls and they are recognized by Panorama however within "Managed Devices" the PA VMs are constantly showing connected then disconnected. We do not believe this is a network problem as Panorama and the NSX deployment is in the same lab environment and no other issues are encounterd on the deployment or with other devices managed via panorama. Looking to see if anyone has any troubleshooting thoughts. Panorama is at 7.1.2 and the VM firewalls are at 7.1.
Thanks
... View more
03-28-2016
01:28 PM
I am looking to supress any commit logs going to an external syslog server. I am currently only forwarding medium/high/critical.
Thanks
... View more
10-20-2015
12:22 PM
Is this the only identifying field that is possible as I was looking for the hostname if possible.
... View more
10-20-2015
11:41 AM
I have traffic log forwading from Panorama to an external syslog server working correctly however I would like to see the device the log was generated from included and not the default "Panorama". Is this possible?
This is what I see on the external server:
Oct 20 13:10:59 Panorama 1,2015/10/20 13:10:59,001801009725..............
Thanks
... View more
Labels:
- Labels:
-
Panorama
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-15-2020
03:13 PM
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
