This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
About sjamaluddin
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About sjamaluddin
11-20-2017
155Posts
58Likes
16Solutions
Nov 20, 2017Last Visited
User
Activity
User
Profile
Latest posts by sjamaluddin
| Subject | Views | Posted |
|---|---|---|
| 2973 | 09-18-2014 09:10 AM | |
| 2197 | 09-18-2014 08:47 AM | |
| 5358 | 07-26-2014 12:45 AM | |
| 894 | 07-26-2014 12:40 AM | |
| 2220 | 07-26-2014 12:34 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 09-23-2013 03:47 PM | |
| 3 Likes | 04-26-2013 03:40 PM | |
| 1 Like | 04-09-2012 01:43 PM | |
| 1 Like | 02-22-2012 08:16 AM | |
| 1 Like | 05-07-2012 04:41 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 06-15-2011 09:58 AM |
| Date Last Visited | 11-20-2017 02:45 PM |
| Posts | 155 |
| Total Likes Received | 52 |
09-18-2014
09:10 AM
When upgrading to a new major release, you'd have to download the new baseline first. So in this case you'd need PAN OS v6.0.0 in the device (even if you don't install it) and then download and install PAN OS v6.0.1 or v6.0.x You ought to be able to see PAN OS v6.0.0 through the same check now, since you can see PAN OS v6.0.1 however, if there is a problem. perhaps you can try the upload file PAN OS v 6.0.0 manually?
... View more
09-18-2014
08:47 AM
1 Kudo
Can you please ensure that "UseriD is enabled" under the zone you are trying to monitor these users off of? Check under Network>>Zones >> check the box for UserID
... View more
07-26-2014
12:45 AM
One would user UserID agent - if you have a distributed DC set up - across multiple WAN locations. That way you can run the UseriD Agent on each DC at the remote location and keep their chatter local. Then only send the filtered (specific IP to user mappings) across the WAN to a head end firewall. If however, you'd like to keep everything under one administrator groups's control (sometimes server folks and network folks have trouble sharing info.), then it may be easier to simply run the UserID agentless on the firewall. That way, only the access to AD via the LDAP admin account will be needed to have the firewall talk to the DCs. This would be preferred i n cases where the DCs and firewall are all local and there is no WAN link to cross.
... View more
07-26-2014
12:40 AM
Hello You said that the user was not part of any group. As such, have you added that user to the Authentication profile for GP Portal / GW as an individual user there? You can do the reset command - as that forces the LDAP server to pull all the users/ groups from the AD again (before its hourly update). If you add a new user to a group or to AD, the firewall groups ought to be reset so as to pull any new users / groups on the AD
... View more
07-26-2014
12:34 AM
UserID agent 6.0x supports AD 2012 The latest and current version of the UseriD Agent is 6.0.3
... View more
07-26-2014
12:19 AM
When you have no IP to user mapping for a particular IP address, for traffic that comes in on a zone that has User Identification enabled, AND a CP policy is enabled, then the CP page should be triggered. When looking at the Security policy, you are trying to restrict traffic for only "Known" users - whether they known via the User ID agent, or CP, or GP, the security policy will control what traffic is allowed for what users. If you choose to put "unknown" or "any" - that would imply that you do not really care about "known" users. The security policy is more for controlling who gets what access. To trigger the CP policy, you ought to look at the CP policy and the zones and addresses for which you'd like the CP policy triggered.
... View more
07-26-2014
12:12 AM
When you logon with the administrator credentials, you may be being ignored by the UserID agent (check your configs, as admin users are often part of the ignore list). So, when you log on with administrator credentials, the firewall may not have a mapping for you, (as administrator) and so the CP page is exhibited. The reason folks put the administrator account in the Ignore List is to not create a mapping for that account as many services log in with that account (in the background) and can potentially overwrite the actual user to IP mapping for a user who may be at that IP address. If that is the case, that your administrator user is in the ignore list, the CP page is to be expected but only for web browsing and https:// To not see this page, consider creating a CP policy such that it excludes your DCs so that your policy will read "no captive portal" for the set of IP addresses that are Domain Controllers - where you log on with your administrator account.
... View more
07-26-2014
12:03 AM
You may be forced to open a case with your distributor, but they can then open a case with Palo Alto Networks Support. I fear this issue needs some further investigation, so if you were to get a Support case going, you are right, it would be faster. Also, yes, the procedure should be the same, to open a case for non hardware related issues. However, it may be best to consult your distributor as I am not privy to the contracts for Italy.
... View more
07-25-2014
04:02 PM
1 Kudo
Hello If you were to increase the delta to be 5 sec. you are correct in all the ways you have understood this. The main concern will be that you may see a lot more "unknowns" on the firewalls (because there may be traffic to the firewall even before the user tries to send out traffic) You may then see the firewall requesting mappings for these "unknowns" to all your DCs so the traffic from the firewall towards the DCs may increase in size and the firewall would then be sending these out to all the DCs so the overall problem of congestion may be exacerbated. However, there is no hard and fast line. If you increase the delta and see no "real" increase in the troubles you all are seeing right now, you could increment that to 3 or more seconds. The PAN makes a list of "unknown IP addresses" and requests them in bulk to the DCs Overall this may have consequences on the memory used by the Userid daemon and overall performance (management plane) may be affected.
... View more
07-25-2014
02:00 PM
Thanks for sharing I seems that we will have to look deeper. From what you showed: From the netstat log, only one connection has source port within range of (User) source port range configured in TsAgent (20000-57499). TCP 172.30.2.121:23939 204.79.197.200:443 ESTABLISHED The others are within the System Source Port range (57500-65499). Either that single connection is the only logged-on user traffic at that time, or somehow the (User) source port allocation range not in effect? Would you be able to open a Support case for this?
... View more
07-25-2014
11:17 AM
Could you share the netstat from the server running the TS Agent?
... View more
07-25-2014
09:54 AM
Sorry, typo: The command is show session all filter source <source user> Am trying to determine if you are missing info in only the GUI logs or does the device genuinely not see the users mapped correctly. The URL filtering logs will not show the user when users are mapped from the TS agent The traffic logs should and the session info should
... View more
07-25-2014
09:31 AM
To view user ip port mappings you should use show user ip-port-user-mapping When looking at the URL Filtering Logs the information for TS Agent user ip mappings is not available in there. The debug logs of user id daemon would also show the correct mappings. However, if you are not hitting the correct security rules, then there appears to be another issue. What do you see in the traffic logs? Can you share the output of a "show session info filter source <source user>"?
... View more
07-25-2014
09:13 AM
What is the version of the PAN OS on the firewall? Also, is this happening on the GUI only, or do you find that the CLI also reports the same incorrect info for the ports and shows no users for the source user?
... View more
07-25-2014
09:02 AM
Hello While we investigate why the ports are showing up as the system source ports rather than the user source ports, could you please confirm one thing: do you have User Identification enabled on the zone this traffic comes in on? This might explain the "empty" field you see for source user. Also, what is the version of the PAN OS on the firewall? Also, is this happening on the GUI only, or do you find that the CLI also reports the same incorrect info for the ports and shows no users for the source user?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-20-2017
02:45 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks