This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About DelvinC
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About DelvinC
01-25-2023
24Posts
3Likes
1Solution
Jan 25, 2023Last Visited
User
Activity
User
Profile
Latest posts by DelvinC
| Subject | Views | Posted |
|---|---|---|
| 1259 | 01-20-2022 04:54 PM | |
| 1885 | 04-08-2021 11:27 AM | |
| 2565 | 01-28-2021 03:27 PM | |
| 2686 | 01-22-2021 01:47 PM | |
| 2730 | 01-22-2021 11:24 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 01-28-2021 03:27 PM | |
| 1 Like | 01-22-2021 01:47 PM | |
| 1 Like | 06-20-2019 01:21 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 22 Likes |
User Badges
Community Statistics
| Member Since | 04-18-2016 12:43 PM |
| Date Last Visited | 01-25-2023 01:50 PM |
| Posts | 24 |
| Total Likes Received | 3 |
01-20-2022
04:54 PM
Were you able to get it moved? The last time I had to do this, I learned it the hard way that MarketPlace VMs do not like to be moved and need to be redeployed. You can at the most clone the OS disk or move the original disk after deleting the virtual machine from source subscription. I would be interested to learn more about your experience or if you had a different approach.
... View more
04-08-2021
11:27 AM
I have seen these logs too. Not been able to figure this, but, I wonder if the alert logs are generated due to source IP meeting the interval and event threshold instead of tracking it per unique source-destination IP pair when configured to alert on the Reconnaissance Protection tab . Ideally one gets to pick and choose the tracking mechanism when you block but not for alert. Did anyone make progress with support on this? What did they have to say?
... View more
01-28-2021
03:27 PM
1 Kudo
Just so that I provide closure to this discussion. I managed to get this rolled out and fix the issues that I was having. Here is what I learned during my deployment and troubleshooting: When using user certificate along with an authentication profile; you can leave the username field to "none" on the certificate profile. "Required client certificate not found" was the error that got me stuck. I was using the certificate profile to verify the certificate-status: After long hours of detailed investigation I discovered that this was due to CRL verification failures. I hadn't validated the firewalls reachability to query the CRL that it was reading off the presented certificates. This lead to the discovery that the firewalls were configured with external DNS servers and that CRL verification attempts were being made against an internal FQDN. I updated the DNS servers on the firewall to lookup against internal DNS servers and everything is working like a charm! Hope someone else finds this useful when they run into a similar fit!
... View more
01-22-2021
01:47 PM
1 Kudo
@MP18 Thanks for your response. I've had success in the past deploying machine certificates for authentication. But, this time I'm specifically trying to get user certificate authentication to work with just the on-demand mode. During my research, I came across the PAN KB article (Basic GlobalProtect Configuration with Pre-logon) that hints that this is possible.
... View more
01-22-2021
11:24 AM
I'm trying to setup a GlobalProtect On-Demand environment. The portal uses an LDAP server profile for authentication and has been validated to be working fine. I intend to configure the gateway to use a combination of RADIUS and certificate profile to authenticate. I've confirmed that authentication works without the certificate profile. My understanding is that certificate based authentication for the "on-demand" mode works only if the certificates are user certificates (i.e. installed in the user store). I've a PKI infrastructure in the environment that is pushing out certificates to the users. I do not intend to go down the SCEP configuration for this deployment. So far I've not been successful to get certificate profile. I'm greeted by the "Required client certificate not found" error. I've tried to play with different options on the certificate profile like subject, subject alt-name, principal name, email, etc. FYI... I have the PKI root CA and intermediate CAs already included in my certificate profile. I wanted to know if anyone has this successfully working in this fashion using "On-demand" mode. What certificate fields or options did you use? What certificate profile options did you leverage? Any interesting scenarios you ran in your deployment?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-25-2023
01:50 PM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks