About kalyanram.piratla

Greetings   On PAN-OS 7.1.8 configuring EDL is giving some unexpected results -   I have an application based security policie set for my PA management IP addresses to fetch the updates i.e. "paloalto-updates, widlfire, pan-db-cloud, ssl and web-browsing" with service set to application default.  No profile actions set to block.   After populating the EDL with the lists from http://panwdbl.appspot.com, I went on to one of the added lists and tried "Test Source URL" and the return message was "URL access error".   As a test,   - Set the service route configuration to use my external interface - "URL access error"   - Then created an open policy for the management IP addresses with "any" "any" and the test source URL works returning "source URL is accessbile".   Looking at the logs, I noticed the session to start on web-browsing and then move to "google-app-engine" when contacting 216.58.198.244 (panwdbl.appspot.com/lists).   So deleted my wide open policy and amended the application based policy by adding "google-app-engine", set my service route back to use the management interface.  Commit the configuration and it works.  Google-app-engine's default ports are TCP 443 and 80   Looking in to the logs, it uses "google-app-engine" to speak to the website - is this expected behaviour? I find this to be abnormal unless I have missed a very basic point somewhere.   Any ideas / thoughts will be helpful.   Thanks KP     ... View more

Hi Guys   Wondering if anyone has any ideas on;   There are external clients / users attempting to open word documents that use word templates stored on the corporate network drive.  When the user is offsite and not connected to Global Protect or VPN and the user attempts to open the document, Word will attempt to open the template on the network drive and continue to do so for several minutes before giving up and eventually opening the file.   For example when I open a word document that contains an embedded template, it will try and download the template from \\abc.com\applications\common\office templates\ABC templates which will cause a DNS lookup of abc.com which returns a public address on my network and therefore hits the PA.   Is there any way / guidance on how we can get the firewall to reject the requests to connect to the template and therefore cause word to open the file immediately? I have tried putting in rules to reject / drop / reset when an external client tries to connect via SMB to the IPs that \\abc.com resolves to but this does not appear to work.   Any thoughts on this will be greatly appreciated.   Thanks in advance.   KP ... View more

Greetings   I am not sure if anyone has come across this alert SYSTEM ALERT : critical : fail to integrate the update of registered ip addresses since 61 seconds  on a regular basis?  If yes, can someone please shed some light on what is causing this issue?   When this alert was seen for the first time, I went on to restart the user-id agent as the alert was coming in from the User-ID which did not fix the problem.  Raised this as a case and it was noted as a bug and subsequently restarting the User-ID process resolved the issue after upgrading to PAN-OS 6.1.10.  It was down to out-of-sync condition between the device server and the User-ID process.   Unfortunately, these alerts are back again on 6.1.10 and restarting the user-id process stops the alerts but are back again when the PA's failover.  Restarting the user-id process again after the failover stops the alerts.   Not sure why this is the case, so wondered if anyone has to share some valuable knowledge on this.   Many Thanks  ... View more

Greetings,   During NAT, can the PA act as a proxy using link local IP addressing (IPv4).  I know we cannot with IPv6.   Cheers  ... View more

Hi Guys, Just finding for options and thoughts to be honest... We have a service called Cloudware which is almost like terminal servers.  What we are seeing is that users using a browser from these servers are not identified on the PAN as it is not covered by AD authentication. I am aware that it is not possible to run the TS client on Cloudware and we are looking in to ways to see how the (user's) IP is recorded within cloudware... My question is - assuming we have the data from / on the cloudware servers, is there a way this can be pushed in to the Palo Alto may be using API or any other method? Any ideas will be greatly appreciated... Cheers KP ... View more