Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- About KAckerman12
About KAckerman12
Announcements
Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
2 weeks ago
5Posts
1Like
0Solutions
Apr 07, 2021Last Visited
User
Activity
User
Profile
Latest posts by KAckerman12
| Subject | Views | Posted |
|---|---|---|
| 167 | 02-26-2021 09:14 AM | |
| 239 | 02-25-2021 11:35 AM | |
| 453 | 11-05-2020 08:38 AM | |
| 517 | 11-04-2020 02:59 PM | |
| 567 | 11-04-2020 12:38 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 02-26-2021 09:14 AM |
User Badges
Public Statistics
| Date Registered | 11-04-2020 12:26 PM |
| Date Last Visited | 2 weeks ago |
| Total Messages Posted | 5 |
| Total Likes Received | 1 |
02-26-2021
09:14 AM
1 Kudo
I suspected that may be the case, but wasn't 100% sure. I do already have an IP pool configured under the Client Settings. I will work on recreating the gateway without these settings to see if that works. Thank you for the suggestion. Edit: Can confirm this is correct. The Client IP Pool tab is available when there are no Client Settings configured.
... View more
02-25-2021
11:35 AM
I am attempting to configure a global IP Pool for my gateway, however, the Client IP Pool tab is always grayed out. I followed the documentation and I have tunnel mode enabled with a tunnel interface assigned, yet the tab remains grayed out. Any help is greatly appreciated.
... View more
11-05-2020
08:38 AM
I should clarify; I didn't create a custom category, but rather created a group for these categories. Objects>Custom Objects>URL Category>Add>Type 'Category Match'. I added these categories into that custom object group, and applied the custom object group to the no-decrypt policy. However, the no-decrypt policy failed to reference the custom category group. I'm currently using version 9.0.9-h1
... View more
11-04-2020
02:59 PM
The policy was in place with no-decrypt, but that wasn't the issue. I was able to solve this by adding these categories directly to the policy. The problem occurred when using a custom URL Category object where I added financial-services and health-and-medicine. I then applied the custom object to the no-decrypt policy, but it failed to appropriately reference the custom object, and sites were still being decrypted. Instead of adding the custom object, I added these categories directly to the policy, and since then it has worked fine. Thank you for the quick response!
... View more
11-04-2020
12:38 PM
I'm having an issue with URL Categories and SSL Decryption. I have two decryption policies; the first is a no-decrypt policy for URL Categories matching "financial-services" and "healthcare-and-medicine," and the second policy is a decrypt-all for service-https. The second rule is working great and decrypting traffic as expected, however, the first rule is not working. If I visit a financial site (discover.com, chase.com, etc) the site is getting decrypted. The log shows the site as matching against "low-risk" instead of "financial-services." This happens for most sites and is not limited to the examples provided. If I visit https://urlfiltering.paloaltonetworks.com/ it shows discover.com gets categorized as financial-services first, then low-risk. What can I do to ensure the firewall categorizes these sites as financial-services instead of low-risk so that they do not get decrypted?
... View more
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
