Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About jleung
About jleung
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
08-18-2015
150Posts
53Likes
16Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by jleung
| Subject | Views | Posted |
|---|---|---|
| 336 | 11-22-2012 08:30 AM | |
| 479 | 11-04-2011 09:57 AM | |
| 405 | 11-04-2011 09:53 AM | |
| 428 | 10-28-2011 07:51 PM | |
| 258 | 10-28-2011 06:41 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 09-21-2011 09:52 PM | |
| 1 | 08-25-2011 12:03 AM | |
| 1 | 08-05-2011 07:40 PM | |
| 1 | 10-18-2011 07:59 AM | |
| 1 | 08-18-2011 11:44 PM |
User Badges
Public Statistics
| Date Registered | 01-07-2010 04:15 PM |
| Date Last Visited | 08-18-2015 09:06 AM |
| Total Messages Posted | 174 |
| Total Likes Received | 53 |
11-22-2012
08:30 AM
Hi, It is not under the QoS setting. To do this, you need to go to the policy tab and configure the DoS policy. You need to input the source and destination zones you want to apply the control, and choose - protect instead of allow/any as the action - classified instead of aggregated as the type of protection - choose whether you want to consider a counter hit by just the src IP, src IP + Dst IP or just the dst IP - create the DoS profile, and under the resource protection input the limit Regards, Jones
... View more
11-04-2011
09:57 AM
Hi, Would you provide a screen capture or elaborate the meaning of "unsorted"? Regards, Jones
... View more
11-04-2011
09:53 AM
Hi, May I know how you test the flash blocking? Have you seen the traffic log showing flash as the app? If yes, what is action shown for flash? Regards, Jones
... View more
10-28-2011
07:51 PM
Hi, Now there is no way to filter file name. But you can create custom vul sig for the URL path including the filename. But please keep in mind that once you block the file by filename your users will normally try to change the filename to bypass the control which makes it useless. The 4.0.5 release notes should be downloadable and please try again. Regards, Jones
... View more
10-28-2011
06:41 PM
1 Kudo
Hi, Have you tried to run the app and review the app shown in traffic logs? Many of the smartphone apps are actually recognized as web-browsing and you can easily create a custom app to control it. If you want our app id to cover it please raise a request through http://www.paloaltonetworks.com/researchcenter/submit-an-application/ Jones
... View more
10-26-2011
06:11 AM
Hi, For Sawmill, it will based on our URL log to find out the URL domain versions for top URL domain reporting which should be able to be a temp solution. Jones
... View more
10-26-2011
03:50 AM
Hi, Certainly I understood your request and I had also heard similar requests somewhere else. For roadmap and formal request I will recommend you to reach your local PAN SE so that they can have better escalation to us. For the time being if you are using some 3rd party reportin solutions that will be a good alternative. Regards, Jones
... View more
10-23-2011
09:41 PM
1 Kudo
Hi, Tufin is also our partner. As I know they can support it now and will have more roadmap to make it more robust. Recommend you to request a demo and roadmap update with them. Regards, Jones
... View more
10-23-2011
12:13 AM
Hi, If you don't want the apple homepage to be broken you could use *.apple.com instead. There are many imagesand files hosted in other domains such as image.apple.com. You need wildcard. Regards, Jones
... View more
10-23-2011
12:11 AM
Hi, Currently we don't support VPN on iOS but from another thread ( https://live.paloaltonetworks.com/thread/1404?tstart=0 ) you should find more info. Please reach PAN local SE with NDA if you want to know more. Regards, Jones
... View more
10-22-2011
11:59 PM
Yes. This is a good workaround 🙂 If you are going to limit the total session that the firewall can handle, it is impossible. But you can create two Vsys (you need additional Vsys license unless you are using PA4000 or PA5000 series) and use resource allocation to limit how many sessions each Vsys can have in total. So creative! Jones
... View more
10-22-2011
11:56 PM
Hi, I mean we cannot automatically assign bandwidth per src IP "automatically". Some QoS product can allocate bandwidth fairly to each source IP automatically as kind of subscriber management, which PA does not support. Yes you are right that we can allocate it explicitly in the policy and that is what I mean 🙂 Regards, Jones
... View more
10-22-2011
11:48 PM
Hi, That's fine, and we rotate the log automatically. Regards, Jones
... View more
10-22-2011
11:40 PM
1 Kudo
Hi, If you want to reset to factory default, you can restart the machine, press "m" and choose PAN-OS(Maint) to go to maintenance mode, choose factory reset. Regards, Jones
... View more
10-22-2011
10:22 PM
1 Kudo
Hi, If you want to double confirm the accurary of the user activity report you can do a filter on the URL log based on that username and time interval. You can create custom reports under monitor-> manage custom reports. limited to 500 lines. Regards, Jones
... View more
10-22-2011
10:05 PM
Hi, User-ID agent (LaInstall) is for eDirectory integration and API, PAN Agent is for AD only. Regards, Jones
... View more
10-22-2011
10:00 PM
1 Kudo
Hi, We assign different task to different processors. There are some processors reserved for dataplane and mgmt plane communication, some for flow control and handling, some for logging, while all remaining reserved for data processing. So some processors will be very busy while few of them may be more idle, depends on their job duties and loading. Regards, Jones
... View more
10-22-2011
09:46 PM
1 Kudo
Hi, When user B logon PC A by domain user, the AD will create a new event which trigger the agent to create a new entry. So when PA firewall try to get a new delta mapping it will get a new mapping. As each IP can only have one user mapped to it the box will update the record with thenew info. Regards, Jones
... View more
10-18-2011
09:52 AM
Hi, You can put condition when you create custom reports which can help you to filter the stats by ip/ip range. You need to use the traffic summary DB. You can schedule the custom reports to run daily. Regards, Jones
... View more
10-18-2011
09:47 AM
What a good news 🙂
... View more
10-18-2011
07:59 AM
1 Kudo
Hi Sylvia, There is no way for change it, but you can have some session control if you are running PAN-OS 4.0. There is a DoS policy feature under the policy tab. Regards, Jones
... View more
10-18-2011
07:58 AM
1 Kudo
Hi Sylvia, We cannot automatically control each source IP bandwidth allocation, but you can define how much bandwidth you want to allocate to by the assigning the source IP into a bandwidth class in the QoS policy. Regards, Jones
... View more
10-18-2011
02:41 AM
Hi, Would you run show interface to see if there is any errors/drops? Also check show session info to understand more about the current box traffic. I will recommend you to get support involved as they maybe able to solve the problem easily with more diret touch to your environment. Regards, Jones
... View more
10-16-2011
10:53 PM
Hi, Definitely 3.1.10 if you don't need 4.0.x new features, otherwise 4.0.5. Regards, Jones
... View more
10-16-2011
10:45 PM
Hi, It is not supported. If it is really a mandatory requirement to have more flexible reporting you may leverage our REST API which you can find more info in devcenter, or leverage other SIEM solutions that your customer may already have. Regards, Jones
... View more
10-16-2011
10:30 PM
1 Kudo
Hi, Now the simplest workaround is to create a policy to allow web-browsing over port 80 and 443. That should help. Regards, Jones
... View more
10-11-2011
06:09 AM
Hi, Each policy allows one tag, and the no. of tags supported should equal to the no.of policy supported. Regards, Jones
... View more
10-10-2011
04:43 AM
1 Kudo
Hi Eugene, Answers as below: 1. If I configured Global Protection for external users, is it possible to block for network access for specific user who doesn't has latest patch or latest anti-virus? Global Protect is not NAC solution. You can control what access users can have when the traffic pass through the firewall, but not before it passess through the firewall. 2. if it is possible, can i configure redirection to warning msg for those specific user? No. But youcan have some message from the agent. 3. Does global protection must connect with SSL VPN?? Is it impossible without SS LVPN Connection? Yes. 4. if it is possible to apply global protection without SSL VPN, I’d like to apply to internal users of firewall. Yes 5. If I configured Global Protection, is it able to apply for internal users of firewall (paloalto L3 mode) without SSL VPN Connection? Yes
... View more
10-09-2011
04:57 AM
Hi, In order to obtain user-ID in tap mode, you must use transparent auth with agent- that means it only support AD and e-Directory. Other auth methods require captive portal which does not work in pure tap mode deployment. Regards, Jones
... View more
10-09-2011
04:24 AM
Hi, CNSE is more about configuration and scenario based questions, so practicing and getting more familiar with the GUI is the only way to get a pass. Good Luck Regards, Jones CNSE #1025
... View more
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
