This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Charles_Cabico
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Charles_Cabico
05-03-2017
3Posts
0Likes
0Solutions
May 03, 2017Last Visited
User
Activity
User
Profile
Latest posts by Charles_Cabico
| Subject | Views | Posted |
|---|---|---|
| 3059 | 11-11-2015 05:11 PM | |
| 4247 | 08-02-2015 10:55 PM | |
| 4283 | 08-02-2015 04:45 PM |
User Badges
Community Statistics
| Member Since | 08-02-2015 04:24 PM |
| Date Last Visited | 05-03-2017 01:18 AM |
| Posts | 3 |
11-11-2015
05:11 PM
The scenario is 3 firewalls, with PA-HO acting as the hub and PA-1 and PA-2 as the branch sites. The Branch sites connect to the head office network via ipsec tunnels to PA-HO and vice-versa.
Due to multple dis-contigous subnets on the branches, it was decided to use 0.0.0.0/0 proxy-ids for the tunnels. This was proven to work for the PA-HO and PA-1 tunnel (both local and remote networks set to 0.0.0.0/0).
Would it be possible to set the proxy-id for tunnel between PA-HO and PA-2 as 0.0.0.0/0 as well.
Many thanks in advance for your comments/feedback.
... View more
Labels:
- Labels:
-
VPN
08-02-2015
10:55 PM
Thanks Steven. Just to confirm that if I follow this route, then I would need to explicitly define all networks to be user-id'd under the include action. How the User-ID Agent Include/Exclude List Works
... View more
08-02-2015
04:45 PM
Hi All, Is there a way in PanOS 6.1.x to manually map a user-id to an ip-address. Or is there a way to set an IP-address to be exempt from the user-id mapping policy. I have PA-500s being staged behind a generic firewall inside a production network with a PA-3000 on the perimeter. The PA-500s NAT their external connections via the generic firewall and cannot establish connection to the PA update server without connecting a laptop behind the generic fw and authenticating via the captive portal. Regards, Charles
... View more
- Tags:
- user-ip_mapping
Labels:
- Labels:
-
User-ID
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-03-2017
01:18 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks