Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- About SoftwareMedia
About SoftwareMedia
Announcements
Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
08-18-2015
13Posts
0Likes
0Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by SoftwareMedia
| Subject | Views | Posted |
|---|---|---|
| 922 | 05-11-2010 12:21 PM | |
| 922 | 04-20-2010 10:07 AM | |
| 1210 | 04-13-2010 03:02 PM | |
| 850 | 02-14-2010 09:13 PM | |
| 850 | 02-12-2010 09:03 AM |
User Badges
Public Statistics
| Date Registered | 01-04-2010 03:00 PM |
| Date Last Visited | 08-18-2015 09:06 AM |
| Total Messages Posted | 13 |
05-11-2010
12:21 PM
Thanks for the tip! > show ssl-vpn current-user Does exactly what I am looking for, for currently logged in users. I am also very interested in getting that same view from the logs. It would allow me to audit VPN access very quickly.
... View more
04-20-2010
10:07 AM
Maybe I have something configured wrong. While that does produce an easy filter to see VPN users and their IP it shows the address the users has been assigned from the VPN Address pool (172.16.1.1/25) I am wanting to see the IP address of the machine that the user authenticated from. In System logs with Filter set to: (eventid eq sslvpn-regist-succ) it shows the IP address the user authenticated from: (SSL VPN user login succeeded. Login from:75.152.213.61, User name: USER.) I am trying to correlate 75.152.213.61 to 172.16.1.1 to USER in the traffic logs for a given date / time without having to jump back and forth from Traffic logs and System logs. Most of my VPN users login from a static or near static IP (IP changes once ever 3 months) for all my efforts to educate they are still very careless with their credential, leaving them on postit notes and the like for anyone to see. If I can easily correlate USER to the IP they authenticate from it makes it easier to determine if their credentials have been compromised. -Michael
... View more
04-13-2010
03:02 PM
Is there currently an easy way to Correlate a VPN user in trafic logs with the IP the user authenticated from? For now I am having to view the traffic in the Traffic log note the user then goto the System logs and correlate the date / time of the VPN login go see the IP they authenticated from. -Michael
... View more
02-14-2010
09:13 PM
Changed from 172.16.1.0/24 to 172.16.1.0/25. Solved all my problems. Thank you! Might consider modifying "How to Set Up and Configure SSL-VPN" doc @ https://live.paloaltonetworks.com/docs/DOC-1157
... View more
02-12-2010
09:03 AM
Kelly, Thanks for the quick reply. Tunnel interface is in Zone: trust To access VPN I have it configured to be a loopback interface of our untrust interface. I did this because our mail server is currently mapped to HTTPS on .122 Untrust interface is .122 loop back interface for VPN is .124 both in Untrust zone. I setup a rule From: ANY To: ANY Source: VPN IP (172.16.1.0/24) From User: VPN Users Connect to VPN and then ping yahoo.com. Look at Traffic logs and see From: trust To: untrust Source 172.16.1.1 Destination: 209.191.93.53 User local:mauger Action: allow Rule: VPN Ingress I/F: tunnel Egress I/F eth 1/1 Ping one of the DNS servers I have configured in the SSL-VPN and look at Traffic logs I see From: trust To: trust Source 172.16.1.1 Destination: 192.168.1.60 User local:mauger Action: allow Rule: VPN Ingress I/F: tunnel Egress I/F eth 1/2 Ping any server that is on the internal network that isn't a configured DNS server in the SSL-VPN and the requests time out. I look at the traffic logs and see no traffic. I set the VPN rule to Deny all traffic to Trust and I can no longer talk to the two DNS servers, I check traffic logs and I can see it deny all traffic to the two DNS servers. Traffic to any other server on the internal network still doesn't show up in the logs. Not sure what I need to do. -Michael
... View more
02-11-2010
04:26 PM
I am fairly new to configuring VPN's. I configured SSL-VPN using the wonderful guides found on this site and was able to log in with no problems. With the VPN active all of my traffic was routing out through my PaloAlto device perfectly I could surf the net all day with my traffic through the company IP address. When I try to talk to the servers on the internal network I can only see the two DNS servers I have configured under Network -> SSL-VPN. If I ping any other server on the internal network it resolves dns (obviously I can talk to the DNS servers) but the requests time out. I am certain I am missing something simple. What do I need to change to be able to see more than just my DNS servers on the internal network from my VPN clients? -Michael
... View more
01-20-2010
11:23 AM
wow, epic fail on my part. Thanks for pointing out that crazy obvious button that i for some reason never thought to click on.
... View more
01-20-2010
10:34 AM
I understand there is more detail as you drill down, but once I have removed all filters and am back at what should be the root ACC tab it has alot more detail than had I just clicked on the ACC tab. With how it is behaving now, the only way I have found to view details for a specific user is to click ACC tab, click web-browsing (which hopefully that users has done or they will not show up in the next view), then click on the source user and then remove the web-browsing filter. Is there a more direct way to add a 'Source User' filter?
... View more
01-19-2010
04:05 PM
Awwww.... that makes me sad. It is great to hear you are actively working on it. It is, without question, something that will be tricky to pull off. Gives me something to look forward to playing with though. It is features like this that really set Palo Alto apart from the competition. Keep up the great work!
... View more
01-19-2010
02:53 PM
When I click on the ACC tab it loads the ACC with the charts Application URL Filter Threat Prevention Data Filtering If I click on 'web-browsing' or anything else that creates a filtered view and then close that element to go abck to a non filtered view ACC loads with a whole different set of charts: Top Applications Top Sources Top Destinations Top Source Countries Top Destination Countries Top Security Rules Top Ingress Zones Top Egress Zones URL Filtering Threat Prevention Did a miss something in a configuarition somewhere that is screwing this up? Is it possible to have ACC laod with the 2nd view by default?
... View more
01-19-2010
02:43 PM
It would be an amazingly helpful feature. Any ballpark ETA for when we might expect it to show up?
... View more
01-13-2010
02:48 PM
Is it possible to use captive portal to force a user from the untrust side to authenticat before they can see port 22?
... View more
- Tags:
- captive_portal
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:06 AM
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
