Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About rapoint_person
About rapoint_person
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
08-18-2015
61Posts
15Likes
1Solution
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by rapoint_person
| Subject | Views | Posted |
|---|---|---|
| 1215 | 11-28-2013 12:08 AM | |
| 1913 | 01-25-2012 12:58 AM | |
| 844 | 01-19-2012 12:26 AM | |
| 464 | 12-15-2011 12:20 AM | |
| 794 | 12-14-2011 05:57 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 03-02-2011 12:59 PM | |
| 1 | 09-27-2011 08:12 AM | |
| 1 | 02-18-2011 10:36 AM | |
| 1 | 02-15-2011 06:26 AM | |
| 1 | 03-11-2011 04:03 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 2 | |||
| 3 |
User Badges
Public Statistics
| Date Registered | 02-22-2010 05:55 AM |
| Date Last Visited | 08-18-2015 09:06 AM |
| Total Messages Posted | 61 |
| Total Likes Received | 15 |
11-28-2013
12:08 AM
I agree 100% with this one: - Improve FW UI in a way to allow creation of Rule Sections. Now the rulebase is quickly becoming very confusing. Look at the Migration Tool, that's how It's done (Thanks Albert 🙂
... View more
01-25-2012
12:58 AM
Agree that a scheduler on-box would be nice. However, ssh-key auth is available from 4.1. This means that you can automate backups by adding a cron job on an external box. Simple enough.
... View more
01-19-2012
12:26 AM
I'd say - look at Global Protect if you want a packaged product. If you have the skills/time you could use the API to push computer names and IP in to the PAN. Would require some development time on your end though.
... View more
12-15-2011
12:20 AM
I'd have to agree. RSA keys and Certificates in general is something I'd like to see.
... View more
12-14-2011
05:57 AM
CLI? set address <name> ip-netmask 1.1.1.1/32 and/or: set address-group <addressbook entry> Should be able to create a large number of set commands with an editor of your choice.
... View more
12-12-2011
06:17 AM
Are we talking about virtual desktops or terminal server/citrix here? Please elaborate a bit further on the subject.
... View more
12-09-2011
01:03 AM
I understand what you are saying, and I agree it would be ideal if we could use static IPs. I'm just saying that using "source users" could be a workaround in some cases. For instance allowing the SSLVPN network to manage the box, but then limiting which users actually can access to the management interface with a user based security policy. Just want share some ideas of doing things differently by taking advantage of knowing the source users.
... View more
12-08-2011
08:49 AM
Why not use the fact that you are identified as a user when logging in to the VPN-Portal? If the tunnel-interface is in it's own zone you can create security rules based on source user rather than static IP's.
... View more
12-08-2011
03:57 AM
Yes, I have seen that type of behavior a few times. The reason being that the agent is continuously reading the DC/Exchange logs that you point out in the agent configuration. The more complex the environment (number of users, number of polled DC's per agent) will have an impact on how much traffic that is generated. Unfortunately reading the security log is something that can consume quite a lot of bandwidth in some environments. If possible I suggest you try adding one more agent and place it closer to the remote DC/Exchange server.
... View more
11-23-2011
08:37 AM
1 Kudo
Yes, that my friend is in the manual. In the gui simply click the VR, Add the route (network/mask/gw) and commit. Thats about it.
... View more
11-23-2011
06:23 AM
1 Kudo
No, a VR holds both static and dynamic routes, (if used). Lets say your VR looks like this: Route Gateway Interface 0.0.0.0/0 195.1.2.3 eth1 192.168.20.0/24 192.168.10.5 eth2 195.1.2.1/27 eth1 192.168.10.1/24 eth2 In the example above, using anti-spoofing on the zone with eth2 as a member interface would only allow hosts from the directly connected network 192.168.10.0/24 and the nexthop network 192.168.20.0/24 as these two networks are the only ones with valid return routes. The PAN-device extracts the source IP and source interface, (source zone) when the ingress packet arrives.
... View more
11-23-2011
01:53 AM
1 Kudo
OK, thanks for the info. Hope this does change in a future release. I bet 99.9% of us using the feature in question are under the assumption that the pattern is matched against the host portion of the URL.
... View more
11-23-2011
01:35 AM
1 Kudo
Anti-spoofing is not based on any address-book or address-group entry. It is simply based on the routes you have in your VR. In other words you need to compare route tables between your Checkpoint-GW and the PAN-device.
... View more
11-18-2011
01:56 AM
OK, so the wildcard in the URL-filter makes no distinction between URI-path and the host portion? Is that true in all releases?
... View more
11-11-2011
06:22 AM
I never got Shrew working, (didn't put that much effort in to it either). VPNC works like a charm though. I actually prefer VPNC as it is integrated with NetworkManager (I'm on a Ubuntu box). Simply put in the following in the client: Gateway: globlaprotect.company.com Username (Most cases your LDAP/AD user account authenticating with Kerberos/LDAP) Group name: sharedusername (xauth shared user in Palo) Group Passwd: Encryption Standard NATT: Enabled xAuth enabled, IPsec enabled, Skip Ike rekey = Palo Alto side of things.
... View more
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
