This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Sanjay_Ramaiah
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Sanjay_Ramaiah
06-05-2023
47Posts
1Like
0Solutions
Jun 05, 2023Last Visited
User
Activity
User
Profile
Latest posts by Sanjay_Ramaiah
| Subject | Views | Posted |
|---|---|---|
| 65 | 06-05-2023 07:57 AM | |
| 126 | 06-05-2023 05:40 AM | |
| 206 | 05-17-2023 12:36 AM | |
| 231 | 05-17-2023 12:30 AM | |
| 303 | 05-16-2023 12:01 AM | |
| 255 | 05-15-2023 11:51 PM | |
| 399 | 04-26-2023 05:32 AM | |
| 467 | 04-12-2023 01:49 AM | |
| 581 | 04-03-2023 12:20 AM | |
| 628 | 03-29-2023 11:56 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 06-05-2023 07:57 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 10-19-2022 10:17 PM |
| Date Last Visited | 06-05-2023 09:33 AM |
| Posts | 47 |
| Total Likes Received | 1 |
06-05-2023
07:57 AM
1 Kudo
Hi Tom,
After further checking i see the same IP is being NATted to the different internal IP behind the LAN interface.
That NAT is on TOP of the NAT rule base which could be the reason for traffic going to LAN interface.
Thank you very much, i am bit confident now about the NATs in Palo after your confirmation.
Issue is not resolved, i have requested customer to provide me the unused IP in the same subnet and awaiting response. Will let the trail updated.
Regards,
Sanjay S
... View more
05-17-2023
05:32 AM
1 Kudo
Hi @Sanjay_Ramaiah ,
As mentioned here - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oM3WCAU&lang=en_US%E2%80%A9 adding domain exclusion or inclusion will not make any difference to the routing table (except that it will add default route pointing to the tunnel, if such does not already exist).
Probably the easiest way would be to generate some traffic to the excluded domain and check firewall logs if you see traffic reaching the firewall - either check traffic log, filtering by destination IP, or URL log filtering by url (if the generated traffic is HTTP/S)
Check also the following link for tips how to troubleshoot split-tunnel config - https://live.paloaltonetworks.com/t5/globalprotect-articles/troubleshoot-split-tunnel-domain-amp-applications-and-exclude/ta-p/321075
... View more
05-17-2023
02:59 AM
1 Kudo
Hi @Sanjay_Ramaiah ,
If you change the Primary Username to userPrincipalName , then it will list the group members in UPN format. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CpgcCAC&lang=en_US%E2%80%A9 The users in the group will match your SAML format.
Maybe you cannot do that because you have other User-ID sources currently working with group mapping. If this is the case, you are on the right track to get your usernames standardized in the right format.
Thanks,
Tom
... View more
05-16-2023
10:51 PM
1 Kudo
Hi @Sanjay_Ramaiah ,
Think of sub-interfaces as a way to divide one physical network connection into multiple virtual connections. It's like having several mini-networks within a single network connection.
For example, let's say you have three VLANs: VLAN 10, VLAN 20, and VLAN 30. Instead of needing three separate physical ports on the firewall, you can create three sub-interfaces on a single physical port. Each sub-interface is associated with one VLAN.
By doing this, you can treat each sub-interface as if it were a separate network port. You can apply different security rules, policies, and routing configurations to each sub-interface. It helps in isolating traffic between different VLANs or subnets and controlling how they communicate with each other.
... View more
05-09-2023
12:04 AM
EDL can not be used for Split tunnel as you can just click the options for split tunnel and see that there are no EDL options.
The prisma access cloud has peering with AWS and Azure so I do not understand why you would want split tunnel as for speed you can just dissable the SSL decryption for office 365 ip addresses and urls and this is where you can use EDL in the security and decryption policies to not decrypt office 365 and Palo Alto hosts such dinamic lists for the office 365. I suggest to read the links below:
https://docs.paloaltonetworks.com/resources/edl-hosting-service
https://www.paloaltonetworks.com/resources/techbriefs/prisma-access-microsoft-365
https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin/secure-mobile-users-with-prisma-access/office-365-integration-with-explicit-proxy
... View more
04-12-2023
01:49 AM
Hi Tom,
Looks like the certificate issue. checked few of the KBs to update the key of the server but still the same issue.
Failed exporting config bundle via ssh to x.x.x.x. No ECDSA host key is known for x.x.x.x ...Host key verification failed...lost connection
... View more
03-27-2023
08:54 AM
1 Kudo
The only thing you can do without decryption outside of fqdn/ip address is SNI:
How to identify url information on SSL traffic without decryption
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PObsCAG&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail
... View more
03-20-2023
04:29 PM
Hello @Sanjay_Ramaiah
in a Firewall a session is defined by two unidirectional flows each uniquely identified by a 6 tuple key: source IP address, destination IP address, source port, destination port, protocol, and source zone. If traffic has match for policy and the action of the policy is set to deny, then there is no further inspection and traffic is blocked with the log recorded as action: "deny" session end reason: "policy-deny".
In the case, the policy action is set to allow, then there is further L7 inspection where traffic can be eventually dropped based on further inspection. Here is the KB with more details. If you want to deep dive into exact reason for traffic being blocked click on magnifying glass icon on left hand side.
Kind Regards
Pavel
... View more
03-20-2023
06:04 AM
Hello,
Please make sure you have 'Log At Session End' checked on all of your policies. Are you decrypting the traffic? If yes, tey bypassing it as mobile devices might not trust the one used by the PAN for decryption, etc.
Regards,
... View more
03-20-2023
05:30 AM
Hi All,
We have configured different port for syslog in the PA-460 firewall.
Server Profile > Syslog > Name, Syslog server, Transport, Port(Here we used different port than default 514).
But we can still see the syslog traffic is being generated with the default port 514 itself. Is there any additinal steps that i need to follow to get this setup working with the different port?
Regards,
Sanjay S
... View more
03-16-2023
05:38 AM
Hi Team,
Please let me know how to check the URL DB version for Prisma.
As checked in Dynamic updates i can see only Antivirus, Application and Threats, Device Dictionary and WF.
Also we will not have access to any of RN or MU-SPNs to check. May i know is there anywhere i can check that?
Regards,
Sanjay S
... View more
03-13-2023
11:48 PM
Hi All,
This issue started this weekend as soon as i changed the authentication method of GlobalProtect to SAML. MAC users are unable to connect to GP. When checked looks like many other users are also faced this issue but not seeing any fix for it. Please suggest.
LIVEcommunity - globalprotect authentication issues using SAML on MacOS - LIVEcommunity - 243691 (paloaltonetworks.com)
Regards,
Sanjay S
... View more
02-22-2023
06:53 AM
Hi Team,
Users are trying to enable webcam when they are on gotowebinar meeting. However, they are unable to enable the CAM and other things works absolutely fine.
Below are the steps i followed to tshoot this issue.
> Created a rule with the APP-ID gotowebinar and gotomeeting to allow access.(This did not help)
>Tried checking logs and found the IP address which was deny in the subtype saying Decryption para error.
>Allowed that particular IP in No-Decryption policy and checked but still teh same issue.
>Gave complete access to a particular IP without adding any profiles like anti-virus, wildfire, URL etc and checked still user was not able to access the CAM.
So i completely believe this is something to do with Decryption policy.
When i checked the list of IPs there are more than 10 bigger subnets in the list for gotowebinar or gotomeeting.
https://support.goto.com/meeting/help/minimal-firewall-settings-for-using-the-gotomeeting-gotowebinar-and-gototraining-desktop-app
So believe that allowing these ranges in no-decrypt is quite risky. Please suggest any better way to get this access working for enabling the CAM when the users are on gotowebinar meeting.
Regards,
Sanjay S
... View more
02-14-2023
11:35 PM
Thank you Metgatz for the info.
I will work on this and update the post with the outcome.
Regards,
Sanjay S
... View more
02-06-2023
11:24 AM
2 Kudos
If it is a decryption error then in the logs it will most likely show "Session End Reason: decrypt-error" in the logs. You can try bypassing decryption and see if that fixes it, though I suspect it won't.
Note that you can not bypass decryption on a particular URL, you have to bypass the entire server (either by IP or by FQDN). This is because you can't know the URL without decryption the session, just the server name the client is connecting to.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2023
09:33 AM
|
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks