About dreputi

Hello all, the content referenced has an updated link. Please view the documentation referenced here ... View more

I set up exactly like Rick_Rutherford but I would to set up DHCP for ae1.100 (10.10.100.2 -250) but it doesn't let me create the DHCP. Any one know why?   thanks,   Le  ... View more

How to @wkey ?  also is there any way to integrate with Windows Radius? ... View more

Can you give an example for DIP NAT policy & security  policy, MIP i undestand with your below comment. also DST with NAT & SEC policy   ... View more

Hello Roh, From the spec sheet of 7050 and also the output of 'show system state | match policy' with latest panos version it shows 40,000 rules only. Click on 'show more' under 7050 Product Selection cfg.general.max-policy-rule: 40000 Hope that helps. -Dileep ... View more

Hi Nathan, Just to add to Dileep's answer: the data is not encrypted, but merely Base64 encoded, meaning anyone could restore the binary data from looking at the encoded data. Regards, Benjamin ... View more

Thanks all for the information and helps. ... View more

Hello Mandar, Check the following CLI output: > show global-protect-satellite current-gateway It will tell details of tunnel like: Tunnel Monitor Enabled : Yes Tunnel Monitor Interval : 3 seconds Tunnel Monitor Action : fail-over Tunnel Monitor Threshold : 5 attempts Tunnel Monitor Source : 10.11.12.12 Tunnel Monitor Destination : 172.16.1.254 Tunnel Monitor Status : Up Make sure you have proper connectivity between the above source and destination, also if there are any route flaps as you mentioned it is intermittent. Useful resources you may refer: Large Scale VPN (LSVPN) Deployment Guide Useful commands from this doc: Gateway/Portal show global-protect-gateway gateway type satellite- To view the gateway configuration summary. show global-protect-gateway flow-site-to-site- To view the established tunnel state. show global-protect-gateway flow-site-to-site tunnel-id <number> or show global-protect-gateway flow-site-to-site name <tunnel name > - To view the established tunnel details. You can view the tunnel-id using the command - show globalprotect-gateway flow-site-to-site show global-protect-gateway current-satellite- To view the details of current satellite. Satellite request global-protect-satellite get-gateway-config satellite <name> gateway-address <ip_address>- To fetch the configuration from the gateway if any configuration changes are made to the gateway. By default, the gateway configuration is refreshed every 2 hrs. request global-protect-satellite get-portal-config satellite <name>- To fetch the configuration from portal. By default, the gateway configuration is refreshed every 24 hrs. test global-protect-satellite gateway-connect gateway-address <IP address> method activation satellite <name>- Trigger GlobalProtect satellite connects to gateways. Hope that gives some info. Regards, Dileep ... View more

Thanks Pan OS. Regards Satish ... View more

Hello Mike, I haven't found any feature request for folders. May be you can contact your SE to submit a request. -Dileep ... View more

Exactly what dreputi said is correct! The 'backup' button would be the option to export the configuration under 'Device > Setup > Operations'. Thanks! Please do not forget to mark any 'helpful' or 'correct' replies. ... View more

> -Also issues with normal commit due to config like Darren mentioned above. This was definitely the problem in my case - confirmed it now. It's annoying that this application definition just disappeared - with, from memory, no notifications (at least, I don't recall any of the recent notices for content updates notifying of this being changed) - although it *is* possible I missed it. ... View more

Hello Panlst, The answer to your question is 'No' under your conditions. In general, following are the options: 1. Use a certificate signed by 3rd party vendor like Verisign, GoDaddy, etc. This is best solution as this cert will be trusted by all the browsers irrespective of the device. 2. Use a PAN self signed certificate or domain generated sub-ordinate certificate. Install its certificate authority on the client browsers. Though technically this will work, practically it is very difficult to implement this since typically you wouldn't be knowing which device the user will be using. So not scalable. Hope it helps. Regards, Dileep ... View more

Thanx all for your replies, they've been really helpful. ... View more

You are right Chris! Usually with GP, these are some key things that I ensure with respect to certificates, so just wanted to emphasize that it is taken care. Like we all discussed, the culprit here is the match in the address field for IP/FQDN. Thanks, Dileep ... View more