Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma Access Insights
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- About jeff6strings
About jeff6strings
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Saturday
38Posts
4Likes
0Solutions
Feb 27, 2021Last Visited
User
Activity
User
Profile
Latest posts by jeff6strings
| Subject | Views | Posted |
|---|---|---|
| 120 | a month ago | |
| 158 | a month ago | |
| 84 | 01-27-2021 02:55 PM | |
| 135 | 01-27-2021 02:53 PM | |
| 251 | 01-15-2021 04:59 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 11-30-2020 07:08 AM | |
| 1 | 03-29-2020 09:22 AM | |
| 1 | 03-30-2020 04:50 AM | |
| 1 | 10-02-2019 12:34 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 | |||
| 1 | |||
| 1 | |||
| 1 |
User Badges
Public Statistics
| Date Registered | 04-20-2016 10:05 AM |
| Date Last Visited | Saturday |
| Total Messages Posted | 39 |
| Total Likes Received | 4 |
a month ago
@BPry The Interzone Default makes sense. There is only one Security Policy allowing all from trust to untrust, so not sure why it was hitting the Interzone Default policy. I created a service TCP/8883 and applied it to a Security Policy with the garage opener IP and zone as the source, untrust as the dest zone, and this service. I cloned that for DNS, though I didn't need to. No changes to NAT policies. After creating the Security Policy with the 8883 service, the MyQ management worked. Thanks. Jeff
... View more
01-27-2021
02:55 PM
We confirmed the domain exclusion is a Cisco Umbrella issue but still like to know if anyone else has had this issue and, if so, what was your resolution? Thank you. Jeff
... View more
09-28-2020
03:56 AM
Having the Portal and the Gateway on two separate types of authentication was a concern. I wanted to avoid having SAML users point to another Portal but it seems in order to limit testing to specific AD groups, this may be the only way. Thank you. Jeff
... View more
07-16-2020
10:57 PM
@jeff6strings, There are few cli commands in PANOS to list down the running NAT polices but it comes up with names. show running nat-policy show running nat-policy-addresses But if you do some filter like shown below, it will not show the names for the NAT rule. Will show only addresses used in the NAT policy. show running nat-policy | except index show running nat-policy-addresses | except index Hope it helps! Mayur
... View more
07-16-2020
07:13 AM
Thank you for all the responses and hopefully, this is addressed in the coming versions. Jeff
... View more
03-30-2020
10:03 AM
Hello, It sounds like the PAN is under powered. I'm also going to guess that an upgrade is not in the budget? Check into streamlining your policies and see where changes can be made. I say start with the BPA tool and see if it can find anything. https://docs.paloaltonetworks.com/best-practices Regards,
... View more
10-02-2019
12:34 PM
1 Kudo
I didn't think of that and there is an object with a 10.100.100.0/24. I checked the other rules and they do have this object as either source or destination. Thank you. Jeff
... View more
06-28-2019
10:22 AM
Jeff, Are the links (config ) available now. The links above are broken or the content has been removed. Phil
... View more
01-30-2018
10:05 AM
Jeff, You are correct that there can only be one VPN Profile/Gateway per IP (I believe it is just the gateway side). I am not an expert at making VSYS interact with eachother properly but from what you are describing (and having a 3050) it may make more sense to put the GP on its own VSYS and setup multiple profiles within both the GP Profile & Gateway to force different departments to different traffic (we use Group Policy for allowing VPN access). The bottom line with GP is that you allow access to connect but it is the security rules that allow access to different components so using the same VPN but different AD groups with security rules and GP Profile/Gateway rules will allow you to limit both what IPs are displayed and what they are allowed to access. Brian
... View more
10-30-2017
07:42 AM
@reaper That does make sense. We don't use any of the Outlook web but one of our customers has required us to use one of their accounts so we just need to narrow down access to outlook.com/domain.edu. Thanks again. Jeff
... View more
07-05-2017
06:18 PM
as you said, i can put a AD group on to a policy to control this group. what if just wanna allow/deny one user? manaully fill this username into 'source user' blank? is it correct? Danny
... View more
06-22-2017
09:29 AM
Also, converting from Legacy mode to Panorama mode wipes the current logs. the SCP backup options you see listed dont work for larger sizes.. mine is 110gb and I cant backup my logs to convert to panorama mode, it just stops after 26gb. I am working with support to get the backed up in some other way, so we dont loose everything when we convert.
... View more
06-19-2017
09:20 AM
1 Kudo
@TranceforLife Yes, you're right. But the profile set to none as mentionned by @jeff6strings it's more a "best effort" thing. (but at least PAN-OS 8.0.x is able to decrypt almost everything)
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Saturday
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
