This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About TomKisiel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About TomKisiel
07-07-2021
4Posts
1Like
0Solutions
Jul 07, 2021Last Visited
User
Activity
User
Profile
Latest posts by TomKisiel
| Subject | Views | Posted |
|---|---|---|
| 4257 | 12-18-2020 09:01 AM | |
| 4673 | 12-18-2020 08:20 AM | |
| 4859 | 12-17-2020 06:55 AM | |
| 1931 | 11-21-2020 07:15 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 12-18-2020 09:01 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 11-18-2020 07:28 AM |
| Date Last Visited | 07-07-2021 12:25 PM |
| Posts | 4 |
| Total Likes Received | 1 |
12-18-2020
09:01 AM
1 Kudo
Perfect, this works!!
... View more
12-18-2020
08:20 AM
I understand what you're saying, but trying to figure out how I would design that rule. Zone- SSLVPN Source- User, Address- Any HIP Profile- HIP-Checks Destination- Zone, User, Address- Any Action- Deny?
... View more
12-17-2020
06:55 AM
I have GlobalProtect portal/gateway configured and working in my environment. External users can connect to the GP portal/gateway and receive network access. I have set up a HIP profile to check for domain joined and AV updated in the last 3 days. What I'd like to do is have the HIP check run during the initial connection to GP portal/gateway, so basically if HIP check passes, user is allowed to connect to GP, if HIP check fails, user is not allowed to connect to GP. I do not want to set the HIP check profile for SSLVPN zone on every single firewall rule (we have a huge ruleset). I only want the HIP check enforced on connection to the GP portal/gateway. I tried applying the HIP check profile to the firewall rule that allows GP connection from WAN, but that did not do the trick.
... View more
- Tags:
- globalprotect
- hip
11-21-2020
07:15 AM
I have an Palo Alto A/A HA configuration, each member with their own independent virtual router. The HA firewalls build an IPSEC tunnel to a branch Palo Alto firewall and have OSPF configured to advertise the HA firewall routes to the branch firewall, and the branch firewall to advertise it's local connected routes back to the HA firewalls. All firewalls are in area ID 0.0.0.0. Everything works as expected, except for one issue. HA firewalls advertise to the branch firewall, firewall advertises back to the HA firewalls, but for some reason the HA firewall routes advertised to the branch end up on each HA firewall too: Screenshot is a snip of a route to specific network on HA firewall A. First route is the local connected route, but the second route in the list is being learned from HA firewall B and incorrectly forwards traffic over the IPSEC tunnel interface (172.17.3.2). Here is a snip from OSPF LSDB on HA firewall A 10.61.24.10. It should only be learning routes from branch firewall 10.52.24.10, not from HA firewall B 10.63.24.10 How can I stop the HA firewalls from learning OSPF routes being advertised by the partner firewall? Seemingly the unwanted advertised routes are being sent back from the branch firewall, but area route suppression has not made a difference.
... View more
- Tags:
- active active ha
- ospf
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-07-2021
12:25 PM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks