Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- ›
- About mindterra
About mindterra
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
11-30-2018
30Posts
1Like
1Solution
Nov 30, 2018Last Visited
User
Activity
User
Profile
Latest posts by mindterra
| Subject | Views | Posted |
|---|---|---|
| 516 | 05-24-2013 10:35 AM | |
| 502 | 05-09-2013 09:05 AM | |
| 389 | 01-28-2013 06:59 AM | |
| 609 | 01-08-2013 08:57 AM | |
| 747 | 01-03-2013 10:29 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 09-04-2012 08:18 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 |
User Badges
Public Statistics
| Date Registered | 10-18-2009 09:44 PM |
| Date Last Visited | 11-30-2018 02:56 AM |
| Total Messages Posted | 30 |
| Total Likes Received | 1 |
05-24-2013
11:14 AM
I would mirror on the TX from the Trusted Network. I would mirror on the RX on the DMZ. (Presuming there is NO reason why the DMZ should be TX traffic to the Trusted side of the network). If DMZ is sourcing traffic to Internet, then maybe you can mirror on TX side then. I would mirror on the RX on the Internet (presuming you have switch on OUTSIDE of the current FW, so this is TX into the network, not being TX out to the Internet, as you already caught that traffic on the Trusted side TAP interface) I do not think you need to tap on VS for eval purposes. Use Vsys1.
... View more
05-09-2013
06:47 PM
Also you can block torrent files (the start point that the torrent program uses generating threads to pull down the file pieces). Phil
... View more
03-10-2013
12:20 PM
Hi, Not sure if this helps, but what we've done in this scenario is implement a little javascript heartbeat function on the (captive portal) destination server such that users close the page to trigger a logout() function (via window.onbeforeunload), which in turn clears the user-ip mapping in the palo via the restful api call.. https://HOSTNAME/api/?type=op&cmd= <clear><user-cache><ip>USER_IP</ip></user-cache></clear>&key=APIKEY I wont post any example code here as what weve used is a little more convoluted (in that we use websockets to push messages via an AMQP broker that has workers proxying api calls to the palo) but please let me know if you want further details.. cheers damian
... View more
01-12-2013
10:50 PM
I believe you would have to bypass the built in captive portal page to do this. (Or maybe not. Depending how you want to do it.) You could setup a web server inside that zone that would handle the user authentication using the UserID-API and PHP. The user would just have to remember the web server DNS name/IP address to get back to the log off link. Just make sure your security policy has the source user set to either the specific user/group or known user. The short answer is it's possible.
... View more
01-03-2013
02:11 PM
2 Kudos
If the diagram is accurate, then no. OTOH, if the clients are in different subnets and those subnets route through the PAN, then yes. The vwire deployment won't work b/c of the capwap/lwapp tunneling, the PAN can't inspect that, so no policy can be enforced. Mike
... View more
12-07-2012
08:23 PM
Hello, There is no way to export from device itself. The only methods of obtaining PAN-OS image - Download via Device -> Software - Deploy via Panorama - Manually download from your support portal account(support.paloaltonetworks.com) Software Updates section Cheers, Stefan
... View more
10-30-2012
11:51 AM
1 Kudo
Thats the proper way of handling this (create custom appid). As a workaround you can also use application override and instruct PA that traffic from srcip/range to dstip/range on a specific port lets say TCP80 should be identified as "web-browsing" instead of unknown or whatever.
... View more
10-27-2012
01:37 AM
1 Kudo
I think that should work as long as your Alcatel devices can form some sort of "virtual chassis" or other method so they can form a single aggregated link even if they are 2 or more physical devices.
... View more
10-08-2012
01:32 PM
1 Kudo
Do you have any proxy setting in the browser that you are using. Try using a different browser and check if that allows you to upload the file. Please let us know if this helps. Regards, Numan
... View more
09-19-2012
01:31 PM
1 Kudo
you can do that when the test is being runned with snmp (various counters there) - but dunno how to get the stats afterwards...
... View more
09-12-2012
02:53 PM
1 Kudo
Hello, As mentioned by Gary, it is just similar to a linux box. This command is used to monitor processes running on the management plane. The Columns in the output mean the following:- PID is the process ID of the process %CPU is the management plane CPU usage %MEM is the physical Memory usage (RES) VIRT -- The total virtual memory usgae: Virtual Image (kb) VIRT == SWAP + RES. TIME is the CPU Time a task has used since it is started. TIME+ is the CPU Time reflecting more granularity. (hundredths of a second.) COMMAND will show all the deaomons running over the management plane and its memory/CPU utilization Regards Parth
... View more
09-04-2012
09:38 AM
I am using PAN OS 4.1.7 the settings below work fine for me. For the portal address select the interface and 'none' for the IP Address. For the portal just use your dns name.
... View more
12-05-2012
06:35 AM
When we can support used OUs in the security-rules .So Many customers have the demand in China.
... View more
08-21-2012
08:52 PM
What if you add "all" in the end? show user ip-user-mapping all edit: Uhh, was already answered 🙂 How come one cant select vsys within the command itself, would be (at least for me) more obvious that way (like vsys <name> | all )
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-30-2018
02:56 AM
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
