About oneidanation

oneidanation · ‎07-17-2013

Did you ever get his working for some reason ours that was working with a custom url category now is not working for wildcard urls in the category.

oneidanation · ‎06-03-2013

You can exclude URLs by creating a Custom URL Category and add the sites into that URL Category then use the custom URL Category in your do not decrypt rule.

oneidanation · ‎10-31-2012

We have been on 4.1.8 for a few weeks now and had to remove the domain entry from the Kerberos profile to correct the authentication issue when logging into the console. We use Kerberos for our PA administrator accounts. Did not have to remove this from the LDAP profile, the LDAP profile still has the domain name but not the FQDN. We do not use Panaorama however. We are having other issues with Group Mappings but this has not been verified as of yet as a firmware 4.1.8 issue, currently working with Tech Support to resolve. The issue is that the PA will randomly drop the group mappings for the user so then none of the rules will match to a user group and they will get our default block policy. As a temporary fix we have to clear user-cache and user-group-cache then restart user-id.

oneidanation · ‎10-02-2012

Confirmed here as well on PA2050.

oneidanation · ‎01-27-2012

Would we need to go away from VWIRE and go to a LAYER 3 type deployment using sub-interfaces and VLAN tagging? Also note that each VLAN is on its own unique IP-Subnet.

oneidanation · ‎01-27-2012

We currently have our Main PA configured in a VWIRE deployment with a TRUST and UNTRUST Zone. We have many different VLANs on our network and the default route for all internet bound traffic passes through the VWIRE. We want to configure multiple VSYS on the PA for our different divisions. Example VSYS1 - Enterprise, VSYS2 - Retail, VSYS3 - Public, etc. with a Shared Gateway. Is it possible to configure the PA so that the VWIRE stays in place and as traffic passes through direct that traffic to the other VSYS based on VLAN id in order to apply security policies and then that VSYS would send the traffic to the Shared Gateway out to the internet? In other words if Packet A has VLAN 10 stay with VSYS1 and apply security policy if Packet B has VLAN 20 send to VSYS2 and apply VSYS2 security policy then send Packet A and Packet B to the shared gateway.

oneidanation · ‎10-13-2011

Thanks looks like this will work. Your right it can get a little tricky but it does work. Can be time consuming copying what you need from one vsys to another but cuts down the time it would take to recreate the rules and objects.

oneidanation · ‎10-11-2011

We are getting ready to start using multiple VSYS on our PA. Want to find out if there is a way to move or copy policy and objects from one VSYS to another? We have many policies in our original VSYS1 and want to move those policies and objects into the new VSYS which are now going to be configured for different Divisions in our organization.

Member Since	‎08-02-2010 02:04 PM
Date Last Visited	‎08-18-2015 09:06 AM
Posts	8
Total Likes Received	2

Online Status	Offline
Date Last Visited	‎08-18-2015 09:06 AM

About oneidanation

Re: Exclude www.google.* from decryption

Re: Exclude www.google.* from decryption

Re: Panorama 4.1.8 LDAP Failure

Re: Panorama 4.1.8 LDAP Failure

Re: Routing between Virutal Systems with a VWIRE

Re: Panorama 4.1.8 LDAP Failure

Re: Panorama 4.1.8 LDAP Failure

Re: Panorama 4.1.8 LDAP Failure

Re: Exclude www.google.* from decryption

Re: Exclude www.google.* from decryption

Re: Panorama 4.1.8 LDAP Failure

Re: Panorama 4.1.8 LDAP Failure

Re: Routing between Virutal Systems with a VWIRE

Routing between Virutal Systems with a VWIRE

Re: Copy Policy Between VSYS

Copy Policy Between VSYS

Network Security

Cloud Security

Security Operations

About oneidanation