Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About nnayak2
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About nnayak2
07-26-2021
8Posts
0Likes
1Solution
Jul 26, 2021Last Visited
User
Activity
User
Profile
Latest posts by nnayak2
| Subject | Views | Posted |
|---|---|---|
| 1055 | 03-27-2015 10:09 AM | |
| 1057 | 03-26-2015 06:02 PM | |
| 3473 | 03-26-2015 05:49 PM |
User Badges
Community Statistics
| Member Since | 08-29-2014 11:45 AM |
| Date Last Visited | 07-26-2021 08:39 PM |
| Posts | 8 |
03-27-2015
10:09 AM
1. You can do this for a admin user from AD, as you can mention the source user as well as the source ip-address in the same security policy which I mentioned in my previous update. Here are the requirements for it - user identification needs to be enabled on untrust interface - AD needs to have the mapping of public ip-address and the user so that firewall can poll that information and map it to the security policy There can be some drawbacks too: - Firewall will try to talk to AD to resolve a name for any public ip-address coming on untrust interface. This is will be a very high process intensive and can also have lot of system logs of failed attempts 2. Firewall might not map a local admin user and its ip-address for access to the firewall itself. This can be a feature request which can be discussed with your account/sales team.
... View more
03-26-2015
06:02 PM
Hi Cosx, You can enable HTTPS and SSH on the public facing interface i.e. the untrust interface and specify the permitted ip-address as mentioned in below link. Allowing Specific IP Addresses to Access the Palo Alto Network Device To have another layer of security you can also create a security policy from untrust zone to untrust zone and specify which ip-addresses are allowed as source and also mention the HTTPS and SSH application. This helps if you have the intra-zone policy as block i.e. untrust to untrust zone as block. Thanks, Nitesh
... View more
03-26-2015
05:49 PM
Hi Dorsey, You can try restarting the management server as below. debug software restart management-server If it was working before then was something changed from certificate point of view? You can check if the certificate that you are referencing for portal page is still valid or not. Also check of the portal login page is enabled as below link How to Disable the GlobalProtect Portal Login Page Thanks, Nitesh
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-26-2021
08:39 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
