cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About MelLi

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
MelLi
‎11-12-2018
since ‎11-14-2013
L2 Linker
User Activity
User Profile
User Badges
Community Statistics
Member Since ‎11-14-2013 07:01 PM
Date Last Visited ‎11-12-2018 03:06 AM
Posts 28
Total Likes Received 4

Re: Transaction and session of signature scope

by in General Topics
‎11-25-2015 07:58 PM
1 Kudo
‎11-25-2015 07:58 PM
1 Kudo
Hi Migration,   This might help with answering your question: An HTTP request and a response constitute one transaction. A session could have one or more transactions.   Cheers, Mel ... View more

Re: Entries in User-ID table show info pushed from XMLAPI never timeout

by in General Topics
‎05-07-2015 03:43 PM
‎05-07-2015 03:43 PM
Hi Dburns, The commands works for my customer but after a while there are user entries showing XMLAPI again in the user id table. Customer confirmed they have removed the API setting. But will confirm with them again to see what exactly happend. Thanks for your comments. Cheers, Mel ... View more

Re: Server monitoring - active directory connection - error

by in General Topics
‎05-06-2015 09:28 PM
‎05-06-2015 09:28 PM
Hi Wlitdeparment, We had a similar issue with the same error message seeing in the useridd.log. It turns out to be the setting of the user mapping was not correct. Please check your WMI authentication setting in user mapping, make sure the username and password is set correctly.' Cheers, Mel ... View more

Re: Entries in User-ID table show info pushed from XMLAPI never timeout

by in General Topics
‎05-06-2015 04:06 PM
‎05-06-2015 04:06 PM
Hi Guys, thanks for your reply. We did test to clear user information from mp and dp, but the users are still showing up in the user id table as XMLAPI. We have opened a support case with PA TAC. Will update once the true cause has been found. Thanks, Cheers, Mel ... View more

Entries in User-ID table show info pushed from XMLAPI never timeout

by in General Topics
‎05-01-2015 09:14 PM
‎05-01-2015 09:14 PM
Hi guys, My customer previously used XMLAPI to push User-ID info to Palo Alto but they now have an Aruba Clearpass appliance which will be handling all User-ID information via Syslog. Due to software issues they cannot currently use XMLAPI between Clearpass and Palo Alto as the system has multiple vsys. Now the issue is that there are a lot of entries in the User-ID table from XMLAPI with a timeout of never, they have tried disabling all XMLAPI settings on devices and denying HTTPS traffic from these devices to the Palo Alto yet whenever they clear the User cache these entries are instantly re-populated, an example is shown below. IP              Vsys   From    User                             IdleTimeout(s) MaxTimeout(s) --------------- ------ ------- -------------------------------- -------------- ------------- 10.82.233.137   vsys1  XMLAPI  xxx\176724                 Never          Never 10.83.161.130   vsys1  XMLAPI  xxxc\pcipad              Never          Never Did anyone have ever seen similar issues? Thanks, Cheers, Mel ... View more
Labels:

Re: SSLMGR-cert-ocsp-verify-failed error

by in General Topics
‎04-06-2015 07:19 PM
‎04-06-2015 07:19 PM
Hi Hardik, Do you have any suggestions for this OCSP error we are having? Thanks, Cheers, Mel ... View more

Re: SSLMGR-cert-ocsp-verify-failed error

by in General Topics
‎03-23-2015 06:12 PM
‎03-23-2015 06:12 PM
Hi Hardik, We were testing in the lab environment, where both firewalls are directly connected to the server. Is there any document we can follow to further troubleshoot this. I do have a doc file recording our settings for the OCSP, do you think I can send it to you and you can help us to verify the settings are 100% correct? Thanks, Cheers, Mel ... View more

Re: Please help me about sslmgr error !!!

by in General Topics
‎03-22-2015 04:54 PM
‎03-22-2015 04:54 PM
Hi Filipe, I had the same issue as you did, have you fixed the error message you got? If you did, can you please share with me what are the fixes? Thanks, Cheers, Mel ... View more

SSLMGR-cert-ocsp-verify-failed error

by in General Topics
‎03-22-2015 04:30 PM
‎03-22-2015 04:30 PM
Hi Guys, My client has configured LSVPN. The tunnel is up, but he is getting the sslmgr-cert-ocsp-verify-failed error message. It said SSLMGR certificate ocsp verification failed. Certificate xx status is unavailable. Has anyone experienced the same issue before, how can we fix this? We configured the LSVPN ans OCSP respond according to the below documents: Controlling LSVPN Satellite Connections with OCSP How to Configure an OCSP Responder Thanks in advance, Cheers, Mel ... View more
Labels:

Cannot view software update on support portal

by in General Topics
‎03-17-2015 06:07 PM
‎03-17-2015 06:07 PM
Hi Guys, Did you ever experienced the below: When our customer tried to access software update page on their support portal they saw 'no software updates found' Does this mean the account doesn't have access to the software info? Thanks, Cheers, Mel ... View more

Re: How to notice network admin if someone tries to browse certain websites?

by in General Topics
‎03-04-2015 07:48 PM
1 Kudo
‎03-04-2015 07:48 PM
1 Kudo
Hi Hulk, Thanks so much for the answer. Cheers, Mel ... View more

Re: How to notice network admin if someone tries to browse certain websites?

by in General Topics
‎03-04-2015 07:34 PM
‎03-04-2015 07:34 PM
Hi Hardik, Thanks for your reply. May I know the feature request number? Thank you. Cheers, Mel ... View more

How to notice network admin if someone tries to browse certain websites?

by in General Topics
‎03-04-2015 06:51 PM
‎03-04-2015 06:51 PM
Hi Guys, Our customer uses Palo Alto in an education institute. They want to find out if Palo Alto firewall provides features such that if someone try to access certain website, for example, adult site, suicide site, the firewall will automatically send email to alert the network admin. So far, I haven't found any document about this. But what I can think of, is to configure url filtering profile with action continue, then the admin can filter on the url filtering logs to find out these behaviors. Is there a specific feature we can use to achieve the above requirements, sending automatic alert message to admin via email or other ways? Thanks. Cheers, Mel ... View more
Labels:

Re: Syslog Data for UserID from Cisco 3850 WLC to Palo Alto PA-500

by in General Topics
‎03-03-2015 07:05 PM
‎03-03-2015 07:05 PM
Hi Jthakur, Thank you for your suggestions. But there is still no success from our end. Please find our amended config using Field Identifier rather than Regex, in addition another SNMP trap from our test machine. Mar  4 13:00:27 syslog1 snmptrapd[2559]: 2015-03-04 13:00:27 10.5.80.1(via UDP: [10.5.80.1]:1028->[10.5.80.47]:162) TRAP, SNMP v1, community public#012#011iso.3.6.1.4.1.14179.2.6.3 Enterprise Specific Trap (53) Uptime: 83 days, 4:06:36.07#012#011iso.3.6.1.4.1.14179.2.6.2.35.0 = Hex-STRING: F8 4F 57 A4 C2 B0 #011iso.3.6.1.4.1.14179.2.6.2.36.0 = INTEGER: 0#011iso.3.6.1.4.1.14179.2.6.2.43.0 = IpAddress: 10.5.185.2#011iso.3.6.1.4.1.14179.2.6.2.34.0 = Hex-STRING: E4 CE 8F 5B A5 54 #011iso.3.6.1.4.1.14179.2.6.2.39.0 = STRING: "test.staff"#011iso.3.6.1.4.1.14179.2.2.1.1.3.6.248.79.87.164.194.176 = STRING: "WAP-001” Doing a TCP dump, we can certainly verify that the PAN is receiving the messages. Is there any debugging commands we can use on the PAN to see whether the device is interpreting the messages correctly? We can see the below output from our PAN: Proxy: syslog1(vsys: vsys1)     Host: syslog1(10.5.80.47)         number of log messages                            : 75255         number of auth. success messages                  : 0 kris.kopicki@gw> show user server-monitor state syslog1         UDP Syslog Listener Service is enabled         SSL Syslog Listener Service is enabled Proxy: syslog1(vsys: vsys1)     Host: syslog1(10.5.80.47)         number of log messages                            : 75259         number of auth. success messages                  : 0 Have you got any suggestions? Should we open a support case for this? Thanks in advance. Cheers, Mel ... View more

Re: Syslog Data for UserID from Cisco 3850 WLC to Palo Alto PA-500

by in General Topics
‎03-02-2015 06:33 PM
‎03-02-2015 06:33 PM
Hi Jthakur, Thanks for your reply. Please find a sample of the data Feb 27 16:18:52 syslog1 snmptrapd[2559]: 2015-02-27 16:18:52 10.5.80.1(via UDP: [10.5.80.1]:1028->[10.5.80.47]:162) TRAP, SNMP v1, community public#012#011iso.3.6.1.4.1.14179.2.6.3 Enterprise Specific Trap (53) Uptime: 78 days, 7:24:55.14#012#011iso.3.6.1.4.1.14179.2.6.2.35.0 = Hex-STRING: F8 4F 57 A4 C2 B0 #011iso.3.6.1.4.1.14179.2.6.2.36.0 = INTEGER: 0#011iso.3.6.1.4.1.14179.2.6.2.43.0 = IpAddress: 10.5.185.5#011iso.3.6.1.4.1.14179.2.6.2.34.0 = Hex-STRING: D8 96 95 11 3D 8F #011iso.3.6.1.4.1.14179.2.6.2.39.0 = STRING: "sarah.harris"#011iso.3.6.1.4.1.14179.2.2.1.1.3.6.248.79.87.164.194.176 = STRING: "WAP-001” We have used the document https://live.paloaltonetworks.com/docs/DOC-8771 However,the date output is completely different between the WLC5500 and 3850. Is there any other document we can refer to? Thanks, Cheers, Mel ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎11-12-2018 03:06 AM
Latest Tags
No tags yet
Likes From
View All
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2021 - Palo Alto Networks