This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About denisgaron
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About denisgaron
08-18-2015
34Posts
1Like
1Solution
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by denisgaron
| Subject | Views | Posted |
|---|---|---|
| 3519 | 02-08-2013 06:45 AM | |
| 3519 | 02-08-2013 06:13 AM | |
| 3651 | 02-04-2013 05:18 AM | |
| 3832 | 01-31-2013 12:24 PM | |
| 1046 | 12-14-2012 11:30 AM | |
| 973 | 12-03-2012 10:21 AM | |
| 3200 | 11-16-2012 04:43 AM | |
| 1544 | 11-16-2012 04:42 AM | |
| 1632 | 11-15-2012 06:00 AM | |
| 3196 | 11-08-2012 04:47 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 08-28-2012 08:22 AM |
User Badges
Community Statistics
| Member Since | 08-03-2012 07:41 AM |
| Date Last Visited | 08-18-2015 09:07 AM |
| Posts | 34 |
| Total Likes Received | 1 |
02-08-2013
06:45 AM
SCoupland a écrit:
That is correct, the URL category in the security policy is part of the match criteria, meaning that the policy will only be hit when the site that they are going to matches a site in that URL category. Try it out with a test site in a custom category.
yes i will test this today thanks!
... View more
02-08-2013
06:13 AM
kfindlen a écrit:
A URL filtering profile is required for a URL log entry to be created. By specifying a URL in the "URL Category" portion of the security policy you will only see the category logged in the traffic log area. If a URL filtering profile is applied to rule#1 with all categories set to alert then a URL log entry would be generated for traffic hitting that policy.
By doing this, (URL filtering profile applied to rule#1 with all cat set to alert) , this will open all category to users? i suppose not, because i have put only internet communications in URL cat TAB? Just need a confirmation to be sure. thanks!
... View more
02-04-2013
05:18 AM
Yes this i know it already. But i need to log in URL log - using alert. Its what is do for all URL profiles created. But i have some rule that dont use any URL profiles. Some rule use the TAB "URL Category". Exemple : of my rules set : rule#1: i open "internet-communiactions" using TAB "URL-CATEGORY", without any URL profil--> this is log only in traffic. I cannot force the ALERT to get full URL logs in threat log... Rule#2: the default rule, with the URL default profil. Its give acces to all users for default categories need. So what is missing is alert possibility in the "URL Category" tab.
... View more
01-31-2013
12:24 PM
Hi, All my URL profil is config with ALERT instead of allow. So i log any URL block or accept. But the problem is im not able to ALERT if i unblock or block a category under policies TAB name "URL Category". I have no choice, my rules are set in this way. I have a default URL profil that give access to most of the category. But i have some sepcifics rules set using Tab "url category". Im not able to do this using profiles for those specifics rules. Maybe there a new feature request that will add ALERT choice in this tab?
... View more
12-14-2012
11:30 AM
Hi, I need to know how many users access Category Social Network. So i do a trafic report with SESSIONS and SOURCE USER. Top 500. I have all i need, BUT i have more then 500 users. so i cannot know how many users access that category. I have to calculate a average sessions access by user. So like i say i have all information a need except i cannot go over the TOP 500 limitation. I use by the way Panorama 4.1.9. So if someone can tell me if there is a way to bypass this limit in TOP. thanks!
... View more
Labels:
- Labels:
-
Management
12-03-2012
10:21 AM
Hi, In PA, we can get a description of an apps in Objects>appliactions> then click on an apps. But there is a way, with a CLI, to get the same description for all applications? I have seek it on PA site, but failed to find something. I need this for a manager documentation. Thanks
... View more
Labels:
- Labels:
-
Management
11-16-2012
04:43 AM
so far so good, i have applied 4.1.9. Since 7 days all working fine now.
... View more
11-16-2012
04:42 AM
I have scheduled a report yesterday, and this morning i dont see any report available. So for now i cannot see if schedule report solve the problem. I will open a case. thanks
... View more
11-15-2012
06:00 AM
When i doing a custom report, using template : Top WebSites, then I export report to PDF, hostname show IP instead of real host name. I use PA 4.1.9 . Any clue on that? There is a way to show real hostname ? Or maybe i can use URL filtering database instead of traffic?
... View more
Labels:
- Labels:
-
Management
11-08-2012
04:47 AM
I have finaly do what you say, i have remove group mapping, commit, create a new GM and commit, all working good for now. This weekend i will upgrade to 4.1.9, to see if that resolv completly the problem or if its return. I will add somes comment here if i got the problem back or not.
... View more
11-06-2012
11:10 AM
I opened a case in this regard, but in the meantime I would like to know if anyone has the same problem as me. -I'm using version 4.1.8 of PA, the PA -2050 appliance . -User ID agent v.4.1.4.3 is use for authen users. - ad windows, on server 2008, for LDAP. I regularly lose the link between a user and the group associated with that user. Result: I have several rules that give special access , for example, social networks or personal web storage. At the beginning, when creating the rule, it works, but after about a week they stop working . The user is authenticated, in the " MONITOR" I can see the user in the USER column . But I still see a bad rule that is applied to that person. This is the last rule is applied , which provides access to the Internet by default. When this happens, here's what I see in the CLI: - Show user group name domain \ group -1 [1] domain \ user01 [2] domain \ user02 Then I demand groups that are associated with the user " user02" and I get no group. show user -IDs match user -user domain \ user02 : User Name VSYS Groups -------------------------------------------------- ---------------- When it works, the CLI command " show user-IDs match user -user" returns me the right groups associated with the user .
... View more
10-05-2012
07:29 AM
I have done a scheduled CLI for "clear session all", and that not solve my problem. Last things i can test is reboot PA or i will open a ticket.
... View more
10-03-2012
07:39 AM
so far i have try what sdurga say, because clear all session can have some behvior to others users. But i will try tonight to clear all sessions. But that not solve the problem. I still have access since 2 days even is im not in the AD group. Just one command have have remove me access just for like 1 minute : - clear session all filter rule "The_rule_that_give_me_wrong_access" After that clear, my sessions wasnt authentificated. In Monitor i was seeing myself access with an IP. Its take like 1 minute before see authentificated access back with my username. Right after, i get by my back my wrong access like before. So clear the users cache not seam to remove my access.
... View more
10-01-2012
10:32 AM
So here my problem. I have create a new rule with a new AD group. I have added 4 users in the group, including myself. I have open a new custom URL group there. All work fine so far. Here my problem. I try to remove myself from the group. After applied many time rules, i still have an access to this rule. - I have remove myself from that AD group. - then i do the command CLI : show user group name "the_group". Its show 3 users (myself remove from the list). So by apply rule its should remove my access. But when i check "MONITOR" i still see i get access for that rule. PA CLI no see me in the group but PA still have me listed in the AD GROUP. I have not use "Group Mapping Settings" in "Device>User identification" Instead i have list the AD group right in the policies, in USER TAB. Any clue? how many time PA will take to sync the AD groups?
... View more
09-07-2012
10:15 AM
I have use the search apps engin with TOR word and only find tor2web. I have look closer, without using search engin and find it. And yes its blocking thanks
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:07 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks