About raji_toor

Domain joined PC, ADFS in environment, Hybrid Azure AD setup, Authentication policy o n Palo setup to use CIE(Cloud Identity Engine) with identities synced from Azure AD and On-Prem AD When ever I am clearing user ip mapping from the cache and try to test. I can see that authentication policy gets hit as captive portal redirect happens. But it does not prompt for authentication and instead redirects back to the website.  Firewall shows it learned identity from SSO. I want to block this and want it to trigger authentication. 10.92.16.100 is the firewall management IP    ... View more

Can response pages be considered for External/Public facing interface or is it a complete no. We want to use captive portal to authenticate certain users for certain systems. ... View more

Trying to setup and test Cloud Identity Engine.   CIE is only synced with Azure AD right now On-prem AD is not yet setup to sync to CIE   Source user allowed in policy is user@abc.com , Why the log shows abc\user ??? Since Identities are synced to Azure AD from On-Prem (Hybrid AD environment), Do we still need to syn On-Prem AD to CIE ????? When creating Authentication profile and selecting Cloud Authentication Service, Selected Region CA, Under Instance it just blanks out with a message 'You have not configured Cloud Authentication Service in this region: Canada. However we have all the users synced. Got this working, my config was not complete as I had not setup authentication in CIE and had only done directory sync Azure secret has 2 year validity. How do we maintain that, and will CIE break if renewal is forgotten. Do we get any alerts near expiry. Also same for metadata that was imported for authentication in CIE has a validity of 3 years.     ... View more

Setting up a path monitor on a static route where source is a tunnel interface.  I am able to ping from CLI with tunnel interface IP as source. But the route does not get installed.   ping source 10.0.0.1 host 4.2.2.2 PING 4.2.2.2 (4.2.2.2) from 10.0.0.1 : 56(84) bytes of data. 64 bytes from 4.2.2.2: icmp_seq=280 ttl=57 time=21.4 ms 64 bytes from 4.2.2.2: icmp_seq=281 ttl=57 time=21.3 ms 64 bytes from 4.2.2.2: icmp_seq=282 ttl=57 time=21.5 ms   Remote side is Azure and doesn't support tunnel interface with an IP. And I don't want to rely on any single Azure resource IP which might get deleted by someone else  bringing tunnel down.   With static route I would be able to use multiple remote IP's for monitoring. And I need to monitor it so I can remove associated routes so traffic transfers to 2nd tunnel using another internet link   ... View more