About RahmanDuran

RahmanDuran · ‎03-30-2018

Importing intermediate certificate alone did not work but appending intermediate certificate directly to server certificates text file and importing server certificate and key file again to PANOS did the trick. Thanks for the hint. Regards, Rahman

RahmanDuran · ‎03-30-2018

Should I append intermediate certificate to server certificate file or just import it seperately to PANOS->certificates? Regards, Rahman

RahmanDuran · ‎03-13-2018

Bump. Can anybody try to reproduce this? Regards, Rahman

RahmanDuran · ‎03-07-2018

Hi, When we do SSL inbound inspection for some of our web servers, SSLLabs test scores goes from A+ to B. I also tested with "openssl s_client -connect mailadmin.artvin.edu.tr:443 -showcerts" and it show the same problem. The problem is, when doing ssl inbound inspection, both SSLLabs test and openssl test shows "Secure Renegotiation IS NOT supported" and intermediate server certificate absent. But our web server sends the intermediate ssl certificate to client and it also supports " Secure Renegotiation ". If I disable SSL inbound inspection both tests gives the expected results. Here are openssl test results, inspection off and on: [root@syslog ~]# openssl s_client -connect mailadmin.artvin.edu.tr:443 -showcerts CONNECTED(00000003) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte RSA CA 2018 verify return:1 depth=0 C = TR, L = Artvin, O = Artvin Coruh Universitesi, OU = Bilgi Islem Daire Baskanligi, CN = *.artvin.edu.tr verify return:1 --- Certificate chain 0 s:/C=TR/L=Artvin/O=Artvin Coruh Universitesi/OU=Bilgi Islem Daire Baskanligi/CN=*.artvin.edu.tr i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Thawte RSA CA 2018 -----BEGIN CERTIFICATE----- MIIFEDCCA/igAwIBAgIQBV6izOXvOW8h2GmaiOMuYjANBgkqhkiG9w0BAQsFADBc MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN MTcxMjI5MDAwMDAwWhcNMTkwMTE2MTIwMDAwWjCBgzELMAkGA1UEBhMCVFIxDzAN BgNVBAcTBkFydHZpbjEiMCAGA1UEChMZQXJ0dmluIENvcnVoIFVuaXZlcnNpdGVz aTElMCMGA1UECxMcQmlsZ2kgSXNsZW0gRGFpcmUgQmFza2FubGlnaTEYMBYGA1UE AwwPKi5hcnR2aW4uZWR1LnRyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAqvvAQ9twxg2vtVWteOCYdG+MZ2d28ncsrd4Tl6PGUIt4MvoWZXkC3QY8Vejn 4Ok/KyMBO/sQ0SGek/o3Y2lH4FD/Gtzerq121f/sxbK72SzFLMdztA4QzmOonDf5 ZMeY1ea3Brphc6D6UcskM4iAzVRuvt1xjhCMkfz1/wEIHaQ8LI2LKvgIZEL4FiF3 Bh8n5iedejYmKgV4c3aBkvuXq58I0NHONBLrpRqGpwxLUaLKGYWC+HoEePCDUtvy UwpHNWS+3zvIvwARtva5uBxnyPujWpUGLm/CkRth8I5Bm8cjE96yj/5sn355lz7M cW6AvN/KJZHeL7uOLULAkfmBWwIDAQABo4IBpDCCAaAwHwYDVR0jBBgwFoAUo8he ZVTlMHjBBeoHCmpZzLn+3lowHQYDVR0OBBYEFKJPhIgUPgfAEiHLha7Kje7Mtlck MCkGA1UdEQQiMCCCDyouYXJ0dmluLmVkdS50coINYXJ0dmluLmVkdS50cjAOBgNV HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1Ud HwQzMDEwL6AtoCuGKWh0dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIw MTguY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0 dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMG8GCCsGAQUFBwEB BGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29tMDkGCCsG AQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAx OC5jcnQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEACB/Q3CRhf4QxdfSh uyM6GQunbjxP9gBKI6/gQ7TG2Ly0rQ083TKz8rissX/hUEqGs2nYrnRahC0KRCYY XxQ6qAiyf60T7wZ2yFVXF8G/s/K6PLnlZDZ5uuBzMJenxwQV6LoKKxhTUGZuYMIb 89cZVPa2EvFiSrBWHK7LwnjYSDP28o3C2QX4oL2WNLY+t0xgd/uaslXEb7If3+3t ddvN0exyRRHcFlINVHZsLyMmypg34F+B91BkZ2QsoIw1pVCYpzhUp7iDmGBMqOQp GmJRaJVkeLzJzIem9bXHy0qgbvckyQxdDqO9Fg1PMfAyfYvHYLiwlQ/d0vuPVhip pS36Pw== -----END CERTIFICATE----- 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Thawte RSA CA 2018 i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA -----BEGIN CERTIFICATE----- MIIEiTCCA3GgAwIBAgIQAlqK7xlvfg1sIQSyGuZwKzANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD QTAeFw0xNzExMDYxMjIzNTJaFw0yNzExMDYxMjIzNTJaMFwxCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xGzAZBgNVBAMTElRoYXd0ZSBSU0EgQ0EgMjAxODCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAMoIXuVTipccHkMvtoqnVumLhEOorJ16VYJ6FEuGty+P Up8cyrEgW2+6It2mnC142ukGCE6+E6bry7s+uQUMPkrh8DIfE071BsVHc4k+gKOL 8QEkm6OZZpJraK0NLbTNcqL0+ThaZaa0jFPBCBqE+P0u8xF1btxqMSmsDYfMk2B4 3yW6JlmRxoNSNabKnLgoGs7XHO4Uv3ZcZas4HnnpfMxJIyaiUlBm0Flh/6D+mkwM n/nojt4Ji7gVwaQITCacewbb/Yp0W1h+zWOkkS9F8Ho8lAuKfLIFqWeTn2jllWNg 2FiVX+BV75OnETt85pLYZkTgq72nj82khXhBJFTn2AMCAwEAAaOCAUAwggE8MB0G A1UdDgQWBBSjyF5lVOUweMEF6gcKalnMuf7eWjAfBgNVHSMEGDAWgBQD3lA1VtFM u2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH AwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAm MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQgYDVR0fBDsw OTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFs Um9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0 cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzANBgkqhkiG9w0BAQsFAAOCAQEARE2F 5d0cgozhZNWokCLfdhhl6mXSOyU3SoPamYcWfLH1CzMwD8a1+pFvwHIQfvlwXFH8 MrjB3C+jVobNbVWRrgqS3Jsa0ltRH/Ffs6ZTgP4WJYm1SNpUbgR7LWUD2F+PTvKB M/gf9eSyqP4OiJslYaa38NU1aVAxZI15o+4xX4RZMqKXIIBTG2V+oPBjQ1oPmHGA C/yWt2eThvb8/re7OpSpUdJyfGf97XeM4PiJAl6+4HQXhjwN7ZPZKrQv9Ay33Mgm YLVQA+x9HONZXx9vvy8pl9bu+NVYWKGxzGxBK0CBozmVUCeXQPJKPTZleYuNM18p U1P8Xh1CDguM+ZEoew== -----END CERTIFICATE----- --- Server certificate subject=/C=TR/L=Artvin/O=Artvin Coruh Universitesi/OU=Bilgi Islem Daire Baskanligi/CN=*.artvin.edu.tr issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Thawte RSA CA 2018 --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3159 bytes and written 415 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 4E1EF676162571A8CF2832DF6F0E11B7BD727E45323796ED7587538336AE568A Session-ID-ctx: Master-Key: F727E11EDB02ACDA3D412090CF837CB1DDE501E81E635711BA5BDA8CF1C384FCCF3D45D74D4BD58E172DA932E0F0B710 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 77 50 d3 eb 5b c5 2c 47-63 62 b3 37 2a 8c 2c 4f wP..[.,Gcb.7*.,O 0010 - df e8 70 92 67 16 93 75-94 b6 12 e0 d4 7c a7 01 ..p.g..u.....|.. 0020 - 62 59 51 23 de a8 92 0d-90 61 d5 df da d7 ad dc bYQ#.....a...... 0030 - da 1a 9f 3d b2 ee 3b c4-c1 1e 6a 14 98 1e fb 81 ...=..;...j..... 0040 - 59 f3 4c 2a 24 b9 5b c8-dc 70 61 07 d4 08 6d f6 Y.L*$.[..pa...m. 0050 - 44 af 6b ae 25 4e f6 87-30 a3 ed e9 d4 f7 02 b6 D.k.%N..0....... 0060 - 45 51 02 d6 59 88 ec 77-fc 24 ba 91 93 a6 0e ef EQ..Y..w.$...... 0070 - bc 95 6d b2 76 32 d4 b1-1e 9c 8a 80 2f d1 8d a6 ..m.v2....../... 0080 - b5 85 b6 74 0c bd 72 50-d2 15 c6 8d b3 e6 b0 16 ...t..rP........ 0090 - e3 32 5c e6 1d 05 9b 0c-4e 6e 03 c5 b1 29 ad d5 .2\.....Nn...).. 00a0 - 2a ed 56 bd e1 65 c5 c4-ee a6 8d 9e 0a 67 b5 62 *.V..e.......g.b 00b0 - c9 3b 9a f9 40 d4 73 7f-b6 12 57 7e 09 35 fa 0a .;..@.s...W~.5.. Start Time: 1520404780 Timeout : 300 (sec) Verify return code: 0 (ok) --- [root@syslog ~]# openssl s_client -connect mailadmin.artvin.edu.tr:443 -showcerts CONNECTED(00000003) depth=0 C = TR, L = Artvin, O = Artvin Coruh Universitesi, OU = Bilgi Islem Daire Baskanligi, CN = *.artvin.edu.tr verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = TR, L = Artvin, O = Artvin Coruh Universitesi, OU = Bilgi Islem Daire Baskanligi, CN = *.artvin.edu.tr verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=TR/L=Artvin/O=Artvin Coruh Universitesi/OU=Bilgi Islem Daire Baskanligi/CN=*.artvin.edu.tr i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Thawte RSA CA 2018 -----BEGIN CERTIFICATE----- MIIFEDCCA/igAwIBAgIQBV6izOXvOW8h2GmaiOMuYjANBgkqhkiG9w0BAQsFADBc MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN MTcxMjI5MDAwMDAwWhcNMTkwMTE2MTIwMDAwWjCBgzELMAkGA1UEBhMCVFIxDzAN BgNVBAcTBkFydHZpbjEiMCAGA1UEChMZQXJ0dmluIENvcnVoIFVuaXZlcnNpdGVz aTElMCMGA1UECxMcQmlsZ2kgSXNsZW0gRGFpcmUgQmFza2FubGlnaTEYMBYGA1UE AwwPKi5hcnR2aW4uZWR1LnRyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAqvvAQ9twxg2vtVWteOCYdG+MZ2d28ncsrd4Tl6PGUIt4MvoWZXkC3QY8Vejn 4Ok/KyMBO/sQ0SGek/o3Y2lH4FD/Gtzerq121f/sxbK72SzFLMdztA4QzmOonDf5 ZMeY1ea3Brphc6D6UcskM4iAzVRuvt1xjhCMkfz1/wEIHaQ8LI2LKvgIZEL4FiF3 Bh8n5iedejYmKgV4c3aBkvuXq58I0NHONBLrpRqGpwxLUaLKGYWC+HoEePCDUtvy UwpHNWS+3zvIvwARtva5uBxnyPujWpUGLm/CkRth8I5Bm8cjE96yj/5sn355lz7M cW6AvN/KJZHeL7uOLULAkfmBWwIDAQABo4IBpDCCAaAwHwYDVR0jBBgwFoAUo8he ZVTlMHjBBeoHCmpZzLn+3lowHQYDVR0OBBYEFKJPhIgUPgfAEiHLha7Kje7Mtlck MCkGA1UdEQQiMCCCDyouYXJ0dmluLmVkdS50coINYXJ0dmluLmVkdS50cjAOBgNV HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1Ud HwQzMDEwL6AtoCuGKWh0dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIw MTguY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0 dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMG8GCCsGAQUFBwEB BGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29tMDkGCCsG AQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAx OC5jcnQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEACB/Q3CRhf4QxdfSh uyM6GQunbjxP9gBKI6/gQ7TG2Ly0rQ083TKz8rissX/hUEqGs2nYrnRahC0KRCYY XxQ6qAiyf60T7wZ2yFVXF8G/s/K6PLnlZDZ5uuBzMJenxwQV6LoKKxhTUGZuYMIb 89cZVPa2EvFiSrBWHK7LwnjYSDP28o3C2QX4oL2WNLY+t0xgd/uaslXEb7If3+3t ddvN0exyRRHcFlINVHZsLyMmypg34F+B91BkZ2QsoIw1pVCYpzhUp7iDmGBMqOQp GmJRaJVkeLzJzIem9bXHy0qgbvckyQxdDqO9Fg1PMfAyfYvHYLiwlQ/d0vuPVhip pS36Pw== -----END CERTIFICATE----- --- Server certificate subject=/C=TR/L=Artvin/O=Artvin Coruh Universitesi/OU=Bilgi Islem Daire Baskanligi/CN=*.artvin.edu.tr issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Thawte RSA CA 2018 --- No client certificate CA names sent Peer signing digest: SHA256 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 1792 bytes and written 415 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 75E71645A6DEE3E5AF5E5F02A48FBD26D8F922497A9B2C733CB6E22B32C00542 Session-ID-ctx: Master-Key: ECA34D1D7520AA670597A2C6FA6454BF7F6DC2A572DF8F2FEC33CE24FBF908F4573A97CCB1F5146C2AEB24CC938B609D Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1520404564 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- As you see with inspection on servers intermediate certificate does not reach to client someway. And it shows "Secure Renegotiation IS NOT supported". Can any of you test if this is reproducible on yor side? Regards, Rahman

RahmanDuran · ‎10-22-2017

Hi, This problem is not related to old bug that you mention. I have capital A in the portal/gateway configs and still has the issue. global-protect-portal { GP-Portal { portal-config { ssl-tls-service-profile web-gui-ssl-profile; client-auth { "Local&LDAP for Admins" { os Any; authentication-profile auth-sequence-gp; authentication-message "Enter login credentials"; } } # show global-protect global-protect-gateway GP-EXT-XAuth-RSA GP-EXT-XAuth-RSA { roles { default { login-lifetime { days 30; } inactivity-logout { hours 3; } disconnect-on-idle { minutes 180; } } } client-auth { admins&standard-users { authentication-profile auth-sequence-gp; os Any; authentication-message "Enter login credentials"; } } With 8.0.5: -stock/stock like android 6.0 devices connect to VPN but no traffic passes, all traffic timeout on client side and there is no indication on PANOS logs that client traffic hits PANOS. -Samsung android 7 devices connects to VPN but none of the traffic routed through VPN. -LineageOS android 7 device works as expected. Regards, Rahman

RahmanDuran · ‎09-20-2017

Hi @kiwi Any update on 8.0.5 release date? Regards Rahman

RahmanDuran · ‎03-20-2017

Can anybody test if 8.0.1 fixed the issue? Thanks, Rahman

RahmanDuran · ‎02-24-2017

Hi, After I upgraded to our PA-3050 to PANOS-8.0, ios and android native clients (using ipsec xauth) don't work anymore. These clients can authenticate successfuly and get a valid IP from the gateway ip pool. But after this they can't access anything. There is no traffic logs shown with the vpn ip either. Anybody using 8.0 can test if ipsec xauth is functional to see if its 8.0 upgrade or something else is wrong with my setup. Thanks, Rahman

RahmanDuran · ‎01-13-2017

Hi Klaus, I am not saying HA is unnecessary. It is the opposite. We run our shophos setup with active/passive for 6 years until it aged out. I am just suprised to hear I need to buy every license for passive box too. It was different with Sophos. Sophos needs you to license only one of the boxes if you use them with active/passive. When I talked with the reseller about this he said it is the same with PAN-OS. We were short on budget so we get one box with 3 year threat prevention license and 3 year support. So we could buy only the second box later to run it passive mode. It seems our reseller misinformed us (if not lied on purpose). Thanks, Rahman.

RahmanDuran · ‎01-12-2017

Hi, We were using sophos utm before PAN-OS. With sophos only one license was requirred for active passive. Two license was requirred only if you do active/active ha. If PAN-OS requires seperate threat prevention license for the passive hardware then what is the purpose of it to run them in Active/Passive? I should run active/active if I have to pay new licenses for the passive box. Thanks, Rahman

RahmanDuran · ‎01-12-2017

Hi, We are using pa-3050 running 7.1.x with 3 year premium partner support and 3 year threat prevention license for about 2 months. We want to setup active passive HA. So What do we need to buy? Will buying only pa-3050 hardware without any support or license be enough for active passive HA? Thanks, Rahman.

RahmanDuran · ‎01-10-2017

No it won't work, PANOS does not support DHE and ECDHE ciphers for inbound ssl decryption. It does not have anything to do with your certificate. It is about the client and the webserver. Just run wireshark on your client and filter for server ip and ssl.handshake.type == 2. If you see that the client and server agreed on a DHE or ECDHE cipher, then inbound decryption will not work. You need to disable DHE and ECDHE ciphers on your web server so clients can not connect to server using DHE and ECDHE ciphers. Instead they will agree and use on other supported ciphers. Rahman

RahmanDuran · ‎01-09-2017

Well, after digging the documentation I think I found what I want; "Auhtentication sequence". So with creating authentication sequence that includes both local and ldap profiles then using this sequence in GP Portal, I solved my problem. I still don't understand the purpose of adding multiple profiles directly to Portal settings btw. Thanks, Rahman

RahmanDuran · ‎01-09-2017

Hi, I am using LDAP authentication profile for GP Portal and Gateway authentication. The problem is when the LDAP server is down I can not log in. So I want to use two authentication profiles. One for LDAP backend and one for local authentication. As you see in the attached screenshot, I added them to GP portal settings. The problem is I can not use two of them. LDAP backed account is "test@domain.com". Local account is "test-local". If the LDAP profile is on top in Portal settings, LDAP authentication works and I can login with "test@domain.com". But if I try to login with "test-local" it fails with error log: " failed authentication for user 'test-local'. Reason: User is not in allowlist auth profile 'LDAP-Admin-Users', vsys 'vsys1', From: xxx.xxx.xxx.xxx. As you can see it tries to authenticate local user against LDAP profile and fails. It does not try to authenticate it against local profile. So why can we set multiple authenticatin profiles in GP Portal settings? What is the purpose of it if it only uses first one? Or how can I achive what I need? Thanks, Rahman

RahmanDuran · ‎12-19-2016

Hi, I already read it. And it is useful only for uploads but what I need is to limit download. There are a few hundreds of subnets and thousands of users behind LAN interface. So I am limited to 8 classes. We migrated from Sophos UTM last month. Dissapointed with some limitations I encountered. Thanks, Rahman

Member Since	‎10-18-2016 10:16 AM
Date Last Visited	‎12-27-2018 08:25 AM
Posts	16
Total Likes Received	6

Online Status	Offline
Date Last Visited	‎12-27-2018 08:25 AM

About RahmanDuran

Re: PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

Re: PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

Re: PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

Re: PANOS-8.0 broke IPSec XAuth VPN?

Re: Release date for PAN-OS 8.05

Re: PANOS-8.0 broke IPSec XAuth VPN?

PANOS-8.0 broke IPSec XAuth VPN?

Re: What should we buy for active passive HA?

Re: What should we buy for active passive HA?

Re: "decrypt-unsupport-param" error on Inbound SSL Decryption

Re: PANOS-8.0 broke IPSec XAuth VPN?

Re: Multiple authentication profiles for GP portal and gateway?

Secure Renegotiation IS NOT supported

Re: Release date for PAN-OS 8.05

Re: PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

Re: PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

Re: PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

Re: PANOS-8.0 broke IPSec XAuth VPN?

Re: Release date for PAN-OS 8.05

Re: PANOS-8.0 broke IPSec XAuth VPN?

PANOS-8.0 broke IPSec XAuth VPN?

Re: What should we buy for active passive HA?

Re: What should we buy for active passive HA?

What should we buy for active passive HA?

Re: "decrypt-unsupport-param" error on Inbound SSL Decryption

Re: Multiple authentication profiles for GP portal and gateway?

Multiple authentication profiles for GP portal and gateway?

Re: QoS limiting download bandwidth for multiple subnets behind LAN interface.