This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
About Brian_Shoemaker
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Brian_Shoemaker
03-24-2023
6Posts
2Likes
1Solution
Mar 24, 2023Last Visited
User
Activity
User
Profile
Latest posts by Brian_Shoemaker
| Subject | Views | Posted |
|---|---|---|
| 582 | 09-27-2022 12:36 PM | |
| 813 | 08-04-2022 05:19 PM | |
| 1053 | 07-27-2022 12:41 PM | |
| 1332 | 07-27-2022 08:09 AM | |
| 1367 | 07-25-2022 07:29 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 07-27-2022 12:41 PM | |
| 1 Like | 07-27-2022 08:09 AM |
User Badges
Community Statistics
| Member Since | 06-13-2022 06:19 AM |
| Date Last Visited | 03-24-2023 04:20 PM |
| Posts | 6 |
| Total Likes Received | 2 |
09-27-2022
12:36 PM
Is there a limit to the number of URL entries allowed or is it only limited by hardware resources?
We are a school district, so the number of whitelisted/blacklisted URLs is substantial - probably near 1000.
We are currently running PANOS 10.2 on a 5250.
Thanks.
... View more
08-04-2022
05:19 PM
Very quick question. We have set up another virtual router (currently running two with active users) and are trying to enable ECMP on the new virtual router.
When we attempt to enable ECMP, a firewall message states that 'Enabling/Disabling ECMP and configuration changes require a virtual router restart. Existing sessions may be impacted.'
My question is, does that restart only apply to the virtual router I am working on (in the attached screenshot - named 'Crown-VR'), or does it restart all virtual routers that are configured? If all virtual routers restart, it would greatly affect users.
Hopefully, it's a quick and straightforward answer.
Thanks. Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.
... View more
- Tags:
- ecmp
07-27-2022
12:41 PM
1 Kudo
Everything discussed here is within the Portal section (versus Gateway) of GlobalProtect. It looks like it uses a client authentication for the initial portal authentication. Then it chooses/loads the Agent configuration based upon user identification/authorization, leveraging local user db/LDAP Security Group/etc.
Whatever user group that user is a part of dictates which Agent config will load. Within that Agent config for that particular group, it will list the gateways available to choose from and specify if the user can manually choose their gateway or if it will automatically select one. You can move the Agent configurations up or down in the list.
So you can choose which user identification it will use first, based on the first group match. If I'm part of a VPN Users AD security group, but I am also a part of an IT Services group that has another gateway providing greater network access, I can move the IT Services to the top, so my authentication hits that match first and I get the IT Services gateway vs the VPN Users gateway, which would be a group that would have more limited access.
Here is a screenshot where I had to change Priority to Manual Only - even though On-Demand is checked at the bottom, the Priority supersedes that checkbox. So unless both places are set to Manual it will automatically try to choose the highest priority gateway.
... View more
07-27-2022
08:09 AM
1 Kudo
@Adrian_Jensen I was able to fix it. You were very close. I had seen that checkbox with 'Manual (the user can manually select this gateway' and had checked it near the beginning of my troubleshooting.
On that same window you specified in your post, you have to specify the 'Source Region' and once you select it, it adds that entry to the list. Once it's been created, there is a dropdown box name 'Priority' and that's where you can change it. You have options from 'Highest' to 'Lowest' and one option is 'Manual only'
I set it to Manual Only and now I'm prompted for it when connecting to the portal. Not the most intuitive place, when the exact wording is included in another checkbox on the same page, but it is what it is.
Thanks again for your help.
... View more
07-25-2022
07:29 AM
I've read that article and it exp how to set a preferred gateway in the client. The problem is that the end users are never prompted to specify a Gateway of choice in the first place. Once they authenticate to the portal, they aren't given an option.
It is set to allow users to select their Gateway On-Demand, but instead, it just connects directly to the first gateway.
This is from the article about setting a preferred gateway, but it's actually the behavior I want - to have them prompted each time.
Before this feature in place, if users need to connect to a specific gateway to access certain resources or connect from a particular geographical location, they must manually switch to that gateway each time they establish the GlobalProtect connection. With this enhancement, users can now automatically connect to a preferred gateway regardless of priority and response time.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-24-2023
04:20 PM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks