Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About Charles_Cabico
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About Charles_Cabico
05-03-2017
3Posts
0Likes
0Solutions
May 03, 2017Last Visited
User
Activity
User
Profile
Latest posts by Charles_Cabico
| Subject | Views | Posted |
|---|---|---|
| 2153 | 11-11-2015 05:11 PM | |
| 3018 | 08-02-2015 10:55 PM | |
| 3050 | 08-02-2015 04:45 PM |
User Badges
Community Statistics
| Member Since | 08-02-2015 04:24 PM |
| Date Last Visited | 05-03-2017 01:18 AM |
| Posts | 3 |
11-11-2015
05:11 PM
The scenario is 3 firewalls, with PA-HO acting as the hub and PA-1 and PA-2 as the branch sites. The Branch sites connect to the head office network via ipsec tunnels to PA-HO and vice-versa.
Due to multple dis-contigous subnets on the branches, it was decided to use 0.0.0.0/0 proxy-ids for the tunnels. This was proven to work for the PA-HO and PA-1 tunnel (both local and remote networks set to 0.0.0.0/0).
Would it be possible to set the proxy-id for tunnel between PA-HO and PA-2 as 0.0.0.0/0 as well.
Many thanks in advance for your comments/feedback.
... View more
Labels:
- Labels:
-
VPN
08-02-2015
10:55 PM
Thanks Steven. Just to confirm that if I follow this route, then I would need to explicitly define all networks to be user-id'd under the include action. How the User-ID Agent Include/Exclude List Works
... View more
08-02-2015
04:45 PM
Hi All, Is there a way in PanOS 6.1.x to manually map a user-id to an ip-address. Or is there a way to set an IP-address to be exempt from the user-id mapping policy. I have PA-500s being staged behind a generic firewall inside a production network with a PA-3000 on the perimeter. The PA-500s NAT their external connections via the generic firewall and cannot establish connection to the PA update server without connecting a laptop behind the generic fw and authenticating via the captive portal. Regards, Charles
... View more
- Tags:
- user-ip_mapping
Labels:
- Labels:
-
User-ID
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-03-2017
01:18 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
