About ksauer507

ksauer507 · ‎07-16-2022

Wow thanks this thread saved my bacon this morning. Had a user who called and said they were kicked out of the VPN this morning. So I walked them through Windows Quck Assist to get connected. Oddly when clicking connect in GlobalProtect nothing happened. I noticed in services.msc there was no PanGPS service at all!!!! Like how was she ever working to begin with in the last few weeks? So in appwiz.cpl I go to "change" to repair Global Protect and sure enough it cant because its not connected in the first place to find our DFS file share! So your link saved my bacon and I was able to throw it into chrome to download it, use my LAPS UI and get them a local admin password and walk them through the install. They connected immediately and then I instructed LAPS to recycle the local admin password. Awesome link, I'd never want to block it.

ksauer507 · ‎03-17-2022

Ah great idea! I created a new decryption policy above our current one set to no-decrypt for a new URL Category. That seems to work! Thanks, I'll mark that as a solution!

ksauer507 · ‎03-16-2022

Having an issue logging into an online marketing screen tool called screencloud. The browser throws a CORS error once they hit login and the web application throws Unexpected_API_Result. The only way for our marketing staff to sign into this specific service is to use their personal device or cell phone. Any company equipment either on site or on global protect will not allow them to log in. I'm thinking its the decryption policy. I want to put a negate for an object group that contains all of the FQDNs that the company has provided. They are saying this is the list below, but I'm really thinking its not possible to use a wildcard character is it? What are the domains & servers I need to whitelist? Here is the full list of servers/domains you need to whitelist: *.screen.cloud *.screencloud.com *.firebase.com *.googleapis.com *.gstatic.com *.s3.amazonaws.com *.cloudfront.net *.screencloudapp.com *.imgix.net *.sentry.io *.screencloudapps.com *.api.filepicker.io *.assets.filepicker.io *.filepicker.io *.datadoghq.com *.filestackapi.com Also, the ports we use are 80 and 443.

ksauer507 · ‎03-08-2022

Ok all connections to this site are from one machine, so we did a negate rule on the source from this machine. So far it seems our random connection issues have been resolved. Its an ok risk for this one machine to not be in a decryption policy. In fact its a lot of financial data, we know what it is and its probably better its not tampered with.

ksauer507 · ‎03-08-2022

I did have a VM of that installed but it lit up our vulnerability console like a Christmas tree. When I updated Ubuntu to a newer release, that fixed the vulnerabilities but broke minemeld. If its EoL I wonder if PA has any future plans for it, or better yet just build this right into PANOS, why require an external server to do all this legwork. Maybe that's on the roadmap.

Member Since	‎04-16-2021 09:41 AM
Date Last Visited	‎10-28-2022 05:28 PM
Posts	35
Total Likes Received	1

Online Status	Offline
Date Last Visited	‎10-28-2022 05:28 PM

About ksauer507

Re: GlobalProtect agent download from direct URL

Re: Can I use a wildcard in an FQDN object?

Can I use a wildcard in an FQDN object?

Re: FQDN URLs that change IP addresses quickly

Re: FQDN URLs that change IP addresses quickly

Re: DNS Security

Azure AD GlobalProtect Clientless Portal / SAML Domain issue

Re: Active Directory Users & Computers slow over GlobalProtect

Re: DNS Security

Re: GlobalProtect agent download from direct URL

Re: Can I use a wildcard in an FQDN object?

Can I use a wildcard in an FQDN object?

Re: FQDN URLs that change IP addresses quickly

Re: FQDN URLs that change IP addresses quickly