This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
About Pawel_G
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About Pawel_G
06-17-2022
7Posts
0Likes
3Solutions
Jun 17, 2022Last Visited
User
Activity
User
Profile
Latest posts by Pawel_G
| Subject | Views | Posted |
|---|---|---|
| 934 | 03-07-2021 08:59 PM | |
| 1022 | 03-05-2021 11:02 AM | |
| 1008 | 03-05-2021 08:57 AM | |
| 1550 | 03-03-2021 07:32 PM | |
| 1612 | 03-02-2021 07:29 PM |
User Badges
Community Statistics
| Member Since | 09-17-2020 09:38 AM |
| Date Last Visited | 06-17-2022 01:51 PM |
| Posts | 7 |
03-07-2021
08:59 PM
Hello Joerg, I would also check your User ID Agent for logs. Sometimes when User ID loose connection to Agent, GP will not pickup Group that you specify. Also I would collect packet captures.
... View more
03-05-2021
11:02 AM
Hello, Simple fix for this is by creating a NAT rule Nat from Spoke1 to Spoke2 - Source Zone - Tunnel Interface Spoke1 Source IP Address - 192.168.100.0/24 Destination Zone - Tunnel Interface Spoke2 Destination Address - 172.16.200.0/24 Source Translation - Dynamic IP and Port Translated IP - 172.16.200.100 I hope this will help
... View more
03-05-2021
08:57 AM
Hello, I would recommend to you to take logs from the Global Protect Client at the time when user is trying to connect to Teams. I would also collect logs from FW from user IP to see what is destination of Teams Server that user is trying to connect. Microsoft is adding IP ranges all the time for different servers around the world. How many Agents Portals, Gateways did you create?
... View more
03-03-2021
07:32 PM
Hey Primary VR will have all connections This is just example ETH1 - Untrust 32.32.32.108/29 Primary VR ETH2 - Trust 10.10.0.1/24 Primary VR ETH3 - DMZ 10.254.1.1/24 Primary VR ETH4 - DMZ2 10.254.2.1/24 Primary VR ETH5 - Untrust 33.33.33.108/29 Secondary VR Lets say that you have Global Protect Users using 10.1.1.1-10.1.1.1.254 on Gateway 1 and GP users using 10.1.2.1-10.1.2.254 on Gateway 2. You will need route from Secondary VR to Trust 10.10.0.0/24, 10.254.1.0/24 10.254.2.0/24 and 10.1.1.0/24 Primary VR 1 Default route - 0.0.0.0/0 - 10 to gateway 32.32.32.105 2.Route to GP2 - 10.1.2.0/24 - NEXT VR 3 More Local Routes - to Core SW if you have any Secondary VR 1 Default Route 0.0.0.0/0 10 33.33.33.108/29 2.Route to Local 10.0.0.0/24 10 Next VR 3, Route to DMZ 10.254.1.0/24 10 Next VR 4. Route to DMZ2 10.254.2.0/24 10 Next VR 5. Route to GP 10.1.1.0/24 Next VR 6. If you have any IPSEC S2S you need to point to Primary VR If you want to have also another ipsec S2S from secondary ISP as backup you will need to crete second tunnel and you will need to change metric and setup path monitoring if secondary VR Tunnel will go down than you still will be able to reach from Primary VR with metric 15. But if you have only one tunnel and you don't need to create another one all you do from Secondary VR route to primary with metric 10. I hope this will help
... View more
03-02-2021
07:29 PM
Hello, Global Protect with 2 ISP require 2 Virtual Routers. On each Virtual Router you will have one Default Route (not 2). You will need to configure 2 portals , 2 gateways, both pointing to the same Zone. You will need also configured routes from Secondary VR to your local Trust Interfaces, and all other networks that will terminate on VR1. You will need to create Primary PBF rules from any local Zone and Negate local Destination Addresses and forward to VR Egress Interface IP and the same for Secondary ISP (PBF) and enforce symmetric return. You will need to create 1 NAT for ISP1 allowing local zones to get out and the same for Secondary ISP. After that you can configure external DNS pointing to vpn.mycompany.com ISP1 and vpn2.mycompany.com ISP2. Both of them will be active all the time. you will be able to choose which portal you would like to connect. All local traffic will failover between VR and you don't need to create any extra Security policy since all zones are the same. I deploy this scenario multiple times and it is working really good.
... View more
03-02-2021
06:08 PM
Yes. You are able to use 3220 for Routing, Nat, Policy. You will be not able to get newer software, URL filtering, threat prevention and any other updates that are coming in from Palo Alto and of course you will not get any support.
... View more
03-02-2021
05:00 PM
Hello, Does anyone knows, how can you get PCNSC Statue? I passed the PCNSC exam in January and since that time I did not received it yet. I seen pictures on Instagram and on Linkedin that people received it after one month. What do I have to do to get it. I would like to know what is my number :). Please help if someone knows what is the next step. Thanks
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-17-2022
01:51 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks