This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Rboehme
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Rboehme
01-21-2020
21Posts
2Likes
1Solution
Jan 21, 2020Last Visited
User
Activity
User
Profile
Latest posts by Rboehme
| Subject | Views | Posted |
|---|---|---|
| 1973 | 07-11-2019 08:37 AM | |
| 3130 | 07-11-2019 08:26 AM | |
| 2216 | 07-11-2019 07:54 AM | |
| 1937 | 05-17-2019 02:11 PM | |
| 2640 | 12-19-2018 06:05 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 2 Likes | 01-11-2018 03:43 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 17 Likes | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 01-23-2015 01:05 AM |
| Date Last Visited | 01-21-2020 05:25 PM |
| Posts | 21 |
| Total Likes Received | 2 |
07-11-2019
08:37 AM
From the description I understood he wants to ping his own gateway. Therefore there is no policy needed. (intra-zone). Is traffic from inside vlan.101 accepted and processed by the firewall?
... View more
07-11-2019
08:26 AM
Hi James, from my point of view there is no downsite. If your ruleset is appropriate there is no reason to let the intra-/inter-zone Default rules not log events. As mentioned by other user you can have a deny/any/any rule before the default rules but this is basically only useful if you have setup policies for everything. Imagine some customer/partner wants to setup a VPN with your outside interface. As he is based within the outside zone as well as your outside interface this would normally hit the "intra-zone default rule" - which can not being hit when a deny/any/any statement is placed before. The best practice is to set logging to "at session end" and you can safely enable the logging on those rules as I do primarily assume you do not want this rule to be it but when it gets hit you want to see it in the logs. Kind regards, Rene
... View more
07-11-2019
07:54 AM
Dear CRDF18, please try the following steps: SSH into FW2 sourcing from FW1 (just connect and accept the key) SSH into FW1 sourcing from FW2 (just connect and accept the key) Enable HA1 encryption again and let us know the outcome 🙂 Kind regards, Rene
... View more
05-17-2019
02:11 PM
Dear Community, I have found this side note in an article regarding the master key on the firewall. "Without the Master Key, when a configuration is exported from a firewall, the password is hashed and can be copied." Basically its the exact answer of the question I originally had. I am facing a situation where a firewall crashed. I have received the new firewall and have the certificates and the running config saved locally. When trying to import the config the firewall skips basically every entries in regards to password or keys and shows this as error messages. I do understand the firewall is unable to decrypt those data without a matching master key. However from where do I retrive the master key hash and do I assume correclty to use the hash as the password for the imported config? Thanks. Kind regards, Rene
... View more
12-19-2018
06:05 AM
Dear Comm, I was googleing alot about this topic and but only found this: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXlCAK My specific question is, if a the User ID agent show the username "pre-logon" learned via "GP" - does this "user" counts to the "gruoup" of "known"-user which I can use in security policies? Thanks for your support. Kind regards, Rene
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-21-2020
05:25 PM
|
Likes Given To
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks