This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About WilliamD
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About WilliamD
03-15-2023
9Posts
2Likes
2Solutions
Mar 15, 2023Last Visited
User
Activity
User
Profile
Latest posts by WilliamD
| Subject | Views | Posted |
|---|---|---|
| 200 | 01-27-2023 12:51 AM | |
| 354 | 01-12-2023 01:52 AM | |
| 458 | 01-09-2023 07:58 AM | |
| 547 | 09-14-2022 05:25 AM | |
| 623 | 09-13-2022 03:19 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 2 Likes | 01-12-2023 01:52 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
My LIVEcommunity Articles Contributions
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
User Badges
Community Statistics
| Member Since | 09-06-2022 04:39 AM |
| Date Last Visited | 03-15-2023 07:06 AM |
| Posts | 9 |
| Total Likes Received | 2 |
01-27-2023
12:51 AM
Sorry to drag up an old thread but I just started getting this error having enabled the cookie creation on the Portal and allowing the override on the Gateway.
The device check I have on the Portal is making sure I have a machine certificate in place, the system is a domain system. Despite this error the cookie allows only one round of authentication whereas we were experiencing two rounds of authentication before making the cookie additions.
Is the a bug?
... View more
01-12-2023
01:52 AM
2 Kudos
This was resolved by TAC in the end.
Some information if anyone else comes by this way in the future.
url-filtering not working on new profile, show url-cloud status giving blank output.
TAC had me run:
request content upgrade check
The output was showing the correct release date was installed. It didn't however match the date when running
show system info
Restarted management-server didn't fix it, final solution:
debug software restart process device-server
This restarts communication between data and management plane, some bits of note during this process the following will not work:
-Config push to dataplane
-URL filtering request response
-Dataplane port status changes
-Other misc. communication with dataplane
After the restart url-filtering works again and 'show url-cloud status' is responding as it should.
... View more
01-09-2023
07:58 AM
I am trying to get a basic url filtering profile setup.
I have cloned the existing default listing
I have applied the clone to my outbound policy
Nothing is being blocked, I can get everywhere!
My troubleshooting has then led me to the 'show url-cloud status' CLI command but this returns nothing, it simply appears to timeout after 20-30 seconds with no output.
My guess is something has fallen over but not sure what my options are other than restarting the device. Anything I can do without losing connectivity?
... View more
09-14-2022
05:25 AM
Plugging in the Outside interface into a small switch brought the interface up and the translation between internal and DMZ then occurred as expected. I don't remember seeing anything about this in the documentation but I guess a one-liner I may have missed.
Thanks for posting back OtakarKlier I did learn how to use the monitor a little so it wasn't a waste of time.
... View more
09-13-2022
03:19 AM
Configuring a new PA-850, new to this so go easy on me.
I have three zones, internal, outside, DMZ.
DMZ webserver
Private IP = 192.168.2.16
Public IP = 212.12.34.56
I have created two NAT rules as follows:
internal u-turn to DMZ
source zone = internal
dest zone = outside
dest address = 212.12.34.56
dest translated address = 192.168.2.16
external to DMZ
source zone = any
dest one = outside
dest address = 212.12.34.56
dest translated address = 192.168.2.16
For purposes of testing this is working I have created a security rule of ANY ANY.
I can only view the webserver from the internal network using the internal IP address of 192.168.2.16, using the FQDN or public IP I only get timeouts. Wireshark on the internal clients show outbound HTTP but Wireshark on the server shows no traffic inbound except when using 192.168.2.16.
The u-turn NAT rule is above the public NAT rule and the hide-NAT rule is last in the list. I am sure I am missing something simple but I have been through the how to u-turn video and guide here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEiCAK
The only thing I can see is there is also some source translation in the video which is not shown in the document but I think that is a red herring.
Any ideas?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-15-2023
07:06 AM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks