About Ovan

Ovan · ‎02-01-2012

Thanks mbehlok, please help to post up your configuration guide with screenshots. I followed the " Configuring GlobalProtect 4.1 guide" But i didn't work.

Ovan · ‎02-01-2012

Does anyone succeed in configuring Globalprotect with OS 4.1 ? please help sharing !!!!!

Ovan · ‎02-01-2012

Dear i also have the same Problem and not yet to figure out.

Ovan · ‎03-21-2010

When I configured authentication on PaloAlto I met the problem: I tested authentication on PaloAlto: - 1 Domain Server: installed PAN Agent - 2 pc join domain - Create some accounts: user1, user2, user3 1> I logon with domain user (user1), I can access Internet and in Monitor Tab I can see my pc had been authenticated (user_domain.png) 2> I logout and login again with local user (cloud), I still can access Internet (user_Local.png) although I set policy deny all except user1, user2 (policy.png) 3> If I changed IP Address from 172.16.1.71 to 172.16.1.76, I couldn’t access Internet but If I changed IP Address to 172.16.1.71, I still access Internet. - I want only domain user can access Internet but local user, PaloAlto can do or not? - I think PaloAlto cached the IP Address to define Account Domain so when I logon with local user with old IP Address, I still access Internet. If I right, how long PaloAlto will clear cache? Can I change the time to clear? - I used PC1 to access Internet with user1 but I still could used PC2 to access Internet with user1. PC1 and PC2 could access Internet in the same time with the same user. Can I configure PaloAlto allow only one user to access Internet?

Ovan · ‎03-18-2010

Hi all, I had tested manage users via AD and Radius, now If I want to manage users via PC's hostname, can I? PC's hostname is the name of PC in domain, ex: pc1.testlabvss.com.

Ovan · ‎01-14-2010

Thank nrice, But If I want to test Dynamic VPN with 2 PaloAlto appliance, can I? I have 2 line Internet: +Line 1: -IP Public: 123.21.40.167 (dynamic IP) -Modem's IP: 172.16.1.254/24 -PaloAlto1 Layer 3: Zone-Internet: 172.16.1.120/24 Zone-LAN: 192.168.5.0/24 -Modem NAT port 1723 to IP 172.16.1.120 +Line 2: 222.253.113.230 (static IP) -Modem's IP: 192.168.81.254/24 -PaloAlto2 Layer 3: Zone-Internet: 192.168.81.98/24 Zone-LAN: 192.168.2.0/24 -Modem NAT port 1723 to IP 192.168.81.98 Both 2 PaloAlto, I configured IKE Gateway to point direct 2 IP public (still not use Dynamic option) but when I SSH to PaloAlto, and type 'show vpn flow' the state is init (not inactive) (please refer the attached file: Snapshot VPN-SSH.jpg). I want to test Dynamic VPN, but I want to ensure that IPSec VPN running well first. I uploaded some snapshots and the configuration file, please refer the attached files and help to solve this problem. Many thanks, Ovan Skype: ovan_pham

Ovan · ‎01-10-2010

Dear PaloAlto Support, Does Palo Alto support this VPN feature such as Dynamic VPN or Easy VPN? Customer will use Cisco Router at their branches. They want to connect VPN from all branches to their HQ. All branches will have dynamic IP and HQ will have static IP. Thanks,

Member Since	‎11-12-2009 08:12 PM
Date Last Visited	‎08-18-2015 09:06 AM
Posts	7

Online Status	Offline
Date Last Visited	‎08-18-2015 09:06 AM

About Ovan

Re: Certificate Error in Global Protect Portal

Re: Certificate Error in Global Protect Portal

Re: Certificate Error in Global Protect Portal

PaloAlto integrate with AD

Does PAN support manage users via PC's hostname?

Re: Certificate Error in Global Protect Portal

Re: Certificate Error in Global Protect Portal

Re: Certificate Error in Global Protect Portal

PaloAlto integrate with AD

Does PAN support manage users via PC's hostname?

Re: Dynamic VPN

Dynamic VPN

Network Security

Cloud Security

Security Operations

About Ovan