Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About MelLi
About MelLi
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
11-25-2015
07:58 PM
Hi Migration,
This might help with answering your question:
An HTTP request and a response constitute one transaction. A session could have one or more transactions.
Cheers,
Mel
... View more
05-07-2015
03:43 PM
Hi Dburns, The commands works for my customer but after a while there are user entries showing XMLAPI again in the user id table. Customer confirmed they have removed the API setting. But will confirm with them again to see what exactly happend. Thanks for your comments. Cheers, Mel
... View more
05-06-2015
09:28 PM
Hi Wlitdeparment, We had a similar issue with the same error message seeing in the useridd.log. It turns out to be the setting of the user mapping was not correct. Please check your WMI authentication setting in user mapping, make sure the username and password is set correctly.' Cheers, Mel
... View more
05-06-2015
04:06 PM
Hi Guys, thanks for your reply. We did test to clear user information from mp and dp, but the users are still showing up in the user id table as XMLAPI. We have opened a support case with PA TAC. Will update once the true cause has been found. Thanks, Cheers, Mel
... View more
05-01-2015
09:14 PM
Hi guys, My customer previously used XMLAPI to push User-ID info to Palo Alto but they now have an Aruba Clearpass appliance which will be handling all User-ID information via Syslog. Due to software issues they cannot currently use XMLAPI between Clearpass and Palo Alto as the system has multiple vsys. Now the issue is that there are a lot of entries in the User-ID table from XMLAPI with a timeout of never, they have tried disabling all XMLAPI settings on devices and denying HTTPS traffic from these devices to the Palo Alto yet whenever they clear the User cache these entries are instantly re-populated, an example is shown below. IP Vsys From User IdleTimeout(s) MaxTimeout(s) --------------- ------ ------- -------------------------------- -------------- ------------- 10.82.233.137 vsys1 XMLAPI xxx\176724 Never Never 10.83.161.130 vsys1 XMLAPI xxxc\pcipad Never Never Did anyone have ever seen similar issues? Thanks, Cheers, Mel
... View more
- Tags:
- xmlapi
Labels:
04-06-2015
07:19 PM
Hi Hardik, Do you have any suggestions for this OCSP error we are having? Thanks, Cheers, Mel
... View more
03-23-2015
06:12 PM
Hi Hardik, We were testing in the lab environment, where both firewalls are directly connected to the server. Is there any document we can follow to further troubleshoot this. I do have a doc file recording our settings for the OCSP, do you think I can send it to you and you can help us to verify the settings are 100% correct? Thanks, Cheers, Mel
... View more
03-22-2015
04:54 PM
Hi Filipe, I had the same issue as you did, have you fixed the error message you got? If you did, can you please share with me what are the fixes? Thanks, Cheers, Mel
... View more
03-22-2015
04:30 PM
Hi Guys, My client has configured LSVPN. The tunnel is up, but he is getting the sslmgr-cert-ocsp-verify-failed error message. It said SSLMGR certificate ocsp verification failed. Certificate xx status is unavailable. Has anyone experienced the same issue before, how can we fix this? We configured the LSVPN ans OCSP respond according to the below documents: Controlling LSVPN Satellite Connections with OCSP How to Configure an OCSP Responder Thanks in advance, Cheers, Mel
... View more
- Tags:
- ocsp
Labels:
03-17-2015
06:07 PM
Hi Guys, Did you ever experienced the below: When our customer tried to access software update page on their support portal they saw 'no software updates found' Does this mean the account doesn't have access to the software info? Thanks, Cheers, Mel
... View more
- Tags:
- support_portal
03-04-2015
07:48 PM
1 Kudo
Hi Hulk, Thanks so much for the answer. Cheers, Mel
... View more
03-04-2015
07:34 PM
Hi Hardik, Thanks for your reply. May I know the feature request number? Thank you. Cheers, Mel
... View more
03-04-2015
06:51 PM
Hi Guys, Our customer uses Palo Alto in an education institute. They want to find out if Palo Alto firewall provides features such that if someone try to access certain website, for example, adult site, suicide site, the firewall will automatically send email to alert the network admin. So far, I haven't found any document about this. But what I can think of, is to configure url filtering profile with action continue, then the admin can filter on the url filtering logs to find out these behaviors. Is there a specific feature we can use to achieve the above requirements, sending automatic alert message to admin via email or other ways? Thanks. Cheers, Mel
... View more
- Tags:
- url_filtering
Labels:
03-03-2015
07:05 PM
Hi Jthakur, Thank you for your suggestions. But there is still no success from our end. Please find our amended config using Field Identifier rather than Regex, in addition another SNMP trap from our test machine. Mar 4 13:00:27 syslog1 snmptrapd[2559]: 2015-03-04 13:00:27 10.5.80.1(via UDP: [10.5.80.1]:1028->[10.5.80.47]:162) TRAP, SNMP v1, community public#012#011iso.3.6.1.4.1.14179.2.6.3 Enterprise Specific Trap (53) Uptime: 83 days, 4:06:36.07#012#011iso.3.6.1.4.1.14179.2.6.2.35.0 = Hex-STRING: F8 4F 57 A4 C2 B0 #011iso.3.6.1.4.1.14179.2.6.2.36.0 = INTEGER: 0#011iso.3.6.1.4.1.14179.2.6.2.43.0 = IpAddress: 10.5.185.2#011iso.3.6.1.4.1.14179.2.6.2.34.0 = Hex-STRING: E4 CE 8F 5B A5 54 #011iso.3.6.1.4.1.14179.2.6.2.39.0 = STRING: "test.staff"#011iso.3.6.1.4.1.14179.2.2.1.1.3.6.248.79.87.164.194.176 = STRING: "WAP-001” Doing a TCP dump, we can certainly verify that the PAN is receiving the messages. Is there any debugging commands we can use on the PAN to see whether the device is interpreting the messages correctly? We can see the below output from our PAN: Proxy: syslog1(vsys: vsys1) Host: syslog1(10.5.80.47) number of log messages : 75255 number of auth. success messages : 0 kris.kopicki@gw> show user server-monitor state syslog1 UDP Syslog Listener Service is enabled SSL Syslog Listener Service is enabled Proxy: syslog1(vsys: vsys1) Host: syslog1(10.5.80.47) number of log messages : 75259 number of auth. success messages : 0 Have you got any suggestions? Should we open a support case for this? Thanks in advance. Cheers, Mel
... View more
03-02-2015
06:33 PM
Hi Jthakur, Thanks for your reply. Please find a sample of the data Feb 27 16:18:52 syslog1 snmptrapd[2559]: 2015-02-27 16:18:52 10.5.80.1(via UDP: [10.5.80.1]:1028->[10.5.80.47]:162) TRAP, SNMP v1, community public#012#011iso.3.6.1.4.1.14179.2.6.3 Enterprise Specific Trap (53) Uptime: 78 days, 7:24:55.14#012#011iso.3.6.1.4.1.14179.2.6.2.35.0 = Hex-STRING: F8 4F 57 A4 C2 B0 #011iso.3.6.1.4.1.14179.2.6.2.36.0 = INTEGER: 0#011iso.3.6.1.4.1.14179.2.6.2.43.0 = IpAddress: 10.5.185.5#011iso.3.6.1.4.1.14179.2.6.2.34.0 = Hex-STRING: D8 96 95 11 3D 8F #011iso.3.6.1.4.1.14179.2.6.2.39.0 = STRING: "sarah.harris"#011iso.3.6.1.4.1.14179.2.2.1.1.3.6.248.79.87.164.194.176 = STRING: "WAP-001” We have used the document https://live.paloaltonetworks.com/docs/DOC-8771 However,the date output is completely different between the WLC5500 and 3850. Is there any other document we can refer to? Thanks, Cheers, Mel
... View more
03-02-2015
03:53 PM
Hi, Can anyone please help to point me to the right direction? Thanks,
... View more
03-01-2015
09:32 PM
Hi Guys, Just wondering if there is any documentation for verifying the syntax in PA-500 that is configured correctly to identify UserID data from a Cisco 3850 Intergrated WLD via a dedicated Syslog server. Cisco 3850 uses the IOS-XE platform. Thanks, Cheers, Mel
... View more
- Tags:
- syslog
Labels:
02-19-2015
02:58 PM
Hi Tijl, Thanks for your reply. The software version is 6.0.3. We assume this might be the certificate issue as once the website is added to bypass ssl decryption, and it works. Cheers, Mel
... View more
02-15-2015
09:52 PM
Hi emr, Thanks for the suggestion. But is it possible to request PA to add certain CA in the next release? Cheers, Peiyao
... View more
02-15-2015
04:51 PM
Hi guys, Our staff try to access on website https://webmail.spintel.net.au , but session 'aged out'. If we set that website to bypass decryption, it worked. The certificate was issued by RapidSSL SHA256 CA- G3, but it is not on the trusted CA list. However, its root CA was listed. Is there a process/way to alert Palo Alto to add the Certificates to the list? Thanks, Cheers
... View more
- Tags:
- certiifcate
02-08-2015
09:44 PM
1 Kudo
Thanks Hulk! Much appreciated. Cheers, Mel
... View more
02-08-2015
09:39 PM
1 Kudo
Hi Hulk, Thanks for your reply. That helps a lot for understanding this report. Cheers, Mel
... View more
02-08-2015
03:50 PM
Hi Guys, With a PA-3020, can I log the NTLM username of an authenticated HTTP request? The situation: PA firewall is located between end users and proxy server Proxy provides NTLM authentication Can I log the username of each NTLM authentication request Thanks, Cheers, Mel
... View more
- Tags:
- ntlm
02-08-2015
02:54 PM
Hi Guys, We have followed the below suggestion to block the Opera-Mini Browser application Re: Block internet access using Opera Mini However, during our test, although traffic log says its getting denied, but users can get to the first or second page on the porn websites and then it blocks . Is there any other ways to block this application completely? Thanks in advance for your help. Cheers, Mel
... View more
Labels:
02-08-2015
02:49 PM
Hi Guys, I have a question about PA Daily Networks Report. On the last report we ran, the top five URL categories were the below web-advertisements 4,582 proxy-avoidance-and-anonymizers 162 unknown 70 malware 65 games 20 Can anyone please help me to understand Web advertisements as the top URL - does PAN have an explanation for this category? Unknown - Why/how are URL listed as unknown. For the Unknown categories, I assume the database doesn't contain the categories users were browsing, but my customer was not quite satisfy with this unknown categories showing in the top five categories. Thanks. Cheers, Mel
... View more
- Tags:
- reporting!!
Labels:
11-09-2014
03:17 PM
Hi Guys, We have some questions regarding to captive portal and SSL inbound inspection: Can captive portal be used with SSL inbound inspection to filter users based on their client certificate while still maintaining a mutually authenticated TLS session between client and the end server. Can the client certificate used in the mutually authenticated TLS session be used as the logon credential for the captive portal at the same time Thanks.
... View more
11-12-2018
27Posts
3Likes
0Solutions
Nov 12, 2018Last Visited
User
Activity
User
Profile
Latest posts by MelLi
| Subject | Views | Posted |
|---|---|---|
| 494 | 11-25-2015 07:58 PM | |
| 1074 | 05-07-2015 03:43 PM | |
| 795 | 05-06-2015 09:28 PM | |
| 1073 | 05-06-2015 04:06 PM | |
| 1121 | 05-01-2015 09:14 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 03-04-2015 07:48 PM | |
| 1 | 02-08-2015 09:44 PM | |
| 1 | 02-08-2015 09:39 PM |
User Badges
Public Statistics
| Date Registered | 11-14-2013 07:01 PM |
| Date Last Visited | 11-12-2018 03:06 AM |
| Total Messages Posted | 28 |
| Total Likes Received | 3 |
Latest Blogs
Copyright 2007 - 2020 - Palo Alto Networks
