This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About BDBartlett
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About BDBartlett
09-21-2023
8Posts
0Likes
0Solutions
Sep 21, 2023Last Visited
User
Activity
User
Profile
Latest posts by BDBartlett
| Subject | Views | Posted |
|---|---|---|
| 4285 | 03-25-2015 12:00 PM | |
| 2217 | 04-24-2013 04:14 AM | |
| 2290 | 04-23-2013 11:17 AM | |
| 5205 | 02-05-2013 01:29 PM | |
| 4214 | 01-24-2013 08:14 AM | |
| 1402 | 12-18-2012 12:54 PM | |
| 2905 | 11-26-2012 01:04 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes |
User Badges
Community Statistics
| Member Since | 10-02-2012 06:42 AM |
| Date Last Visited | 09-21-2023 10:11 AM |
| Posts | 8 |
03-25-2015
12:00 PM
Since you are placed on the outside of your current firewall, you will be (are) seeing the traffic after NAT has been performed. If you want to see the traffic before it becomes NAT-ed, you will have to move the virtual wire inside your current firewall.
... View more
04-24-2013
04:14 AM
Took a look at that, not the case. The link above fails on all workstations, they all use flash, and refreshing a couple times always gets it to work. Majority of other links always work, in fact I have yet to definitively identify another link that behaves/fails similarly - but I do recall over the past few weeks getting this error on occasion, and believe it may be related. When it does fail, traffic logs on the PA show sessions denied due to application http-audio not being allowed. So I wonder if the application ID engine may somehow be misinterpreting what it's seeing and misidentifying the application somehow? Thanks for giving it some thought, much appreciated
... View more
04-23-2013
11:17 AM
Greetings, We have run into an issue in our deployment where SOME (really only a few) Youtube videos don't play, the user gets an error 'An error occurred, please try again later'. In the traffic logs, I see traffic that is recognized as application 'http-audio'. We have configured an application whitelist of the applications we allow from our network, and have chosen to exclude 'http-audio' due to its risky nature. When I add this application to the whitelist, the video plays without fail. Here's where it gets weird, since I'm averse to allowing http-audio and being done with it, I decided to go deeper. Turns out that if I refresh the link via the browsers refresh button (or F5) enough times (sometimes only once, sometimes it takes 5-6 times), the video will eventually play, without allowing the http-audio application. The link I'm currently working with is http://www.youtube.com/watch?v=t7wmPWTnDbE but I've heard that there are other youtube links that behave similarly. I wonder if anyone has experienced this or may have suggestions for an elegant solution that doesn't include allowing http-audio, or mashing the refresh button until it works. Regards, Brad
... View more
02-05-2013
01:29 PM
Curious about multiple IP addresses, and where they get applied. I have a /30 link space on my untrust interface (with functioning gateway/portal for Windows machines & specific HIP), so I can't add more there, but I do have plenty of rout-able IP's in my DMZ that I could use. Possible to create multiple gateways/portals off the DMZ interface using unique IP addresses there? Any tips would be appreciated. Regards, Brad
... View more
01-24-2013
08:14 AM
How come I do not see this menu option when logging in with an account that is not local, but has been granted all permissions via admin role? I only see configuration management options when I use the local 'admin' account. Advice would be appreciated, running 4.1.7 currently.
... View more
12-18-2012
12:54 PM
I note that the PA-2050 units I have running 4.1.7 PanOS generate their syslogs as UDP/514. Is there any way to tell the unit to use TCP for syslog messages? Our SIEM/syslog collector (AlienVault) seems to be missing some of the syslog messages we (supposedly, according to security team) sent to it from the PA-2050 for whatever reason. We are exploring why, but I know that some network devices have the option to use syslog over TCP, which might address the issue if its related to the SIEM (or somewhere on the way to the SIEM) dropping packets. Can the PA-2050 support syslog over TCP either now, or in future releases?
... View more
Labels:
- Labels:
-
Management
-
Networking
11-26-2012
01:04 PM
Local LAN access (local as defined by the native/underlying IP subnet mask) is configurable on the Cisco IPSec and AnyConnect clients, but with GlobalProtect, it seems as though its built in as a 'feature', and no choice is available to the administrator (I'd really like to hear from PaloAlto tech guys on this - by design? undocumented?). Its a form of split-tunneling, allowing only local traffic (defined by subnet mask), and tunneling everything else. In the case of IP range overlap, or mistakes in local subnet masking, there can be some very interesting/annoying scenarios that crop up. I understand that local LAN access is often desirable by end users, particularly when wanting to print locally while 'in-tunnel'. The machine itself is no more or less vulnerable to attack (from the local LAN) when it is 'in-tunnel', except of course that it can potentially be leveraged to compromise the protected network in real time. There is little difference in my mind between a machine that can be compromised when it is not tunneled (assuming you are using the client on-demand) and one that can also be compromised while tunneled. A compromised system is a compromised system - the protected network is vulnerable in either case - just a matter of degrees. Windows (or other) firewall can/should be configured (by GPO in MS enterprise networks) to protect any machine that is going to spend any time on the 'dirty' Internet (hotels, airports, starbucks, home, etc), not allowing any connections TO the machine while 'offnet' (off the corporate network) - but I digress. In any event, the admin of the GlobalProtect gateway should be able to choose the operating mode they desire - this is a major shortcoming if there is not that level of control built into the GP client/server, and PA needs to speak to this issue. Have either of you opened a ticket on this?
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks