Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
About ssancho
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About ssancho
03-28-2018
21Posts
1Like
0Solutions
Mar 28, 2018Last Visited
User
Activity
User
Profile
Latest posts by ssancho
| Subject | Views | Posted |
|---|---|---|
| 528 | 05-12-2016 09:21 AM | |
| 1419 | 09-22-2015 06:16 AM | |
| 1425 | 09-22-2015 04:43 AM | |
| 1272 | 05-10-2012 02:13 PM | |
| 2939 | 05-10-2012 09:01 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 05-10-2012 09:01 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
User Badges
Community Statistics
| Member Since | 11-25-2010 06:33 AM |
| Date Last Visited | 03-28-2018 10:40 AM |
| Posts | 21 |
| Total Likes Received | 1 |
05-12-2016
09:21 AM
Hi all, do you know if it is possible to use the syslog parser to obtain device information (for instance Operating system) and use this info in security rules?. I am using the syslog parser to obtain the IP-User mapping and it works perfectly, now I would like to obtain more info from the log. I know that the device info is available if you use GlobalProtect and HIP profiles but I would like to have this feature without install globalprotect (I am thinking in Wifi devices)
Is there any possibility?
Many thanks
Samuel
... View more
09-22-2015
06:16 AM
Hi, not exactly. What I mean is that, when you configured a SSL decryptcion policy, is there any hardware chip insdie the PA-3020 or PA3050 that do the job to decrypt the traffic?, or all decryption is done by software?. If you only wants to decrypt some traffic (and not all), as I understand, it is not necesary to install a decryption device because the firewall can decrypt the traffic directly. Many thanks for your reply Best regards Samuel
... View more
09-22-2015
04:43 AM
Hi, anybody knows if PA3020 and PA3050 has a dedicated hardware for SSL Decryption?. I saw a document a few years ago where you can see that some Palo Altos has a dedicated chip for SSL decryption but I could not find it again and I do not see if PA3020 and PA3050 has the hardware or not. Many thanks for your help Best regards Samuel
... View more
05-10-2012
02:13 PM
Two things: -I can confirm to you that PA 2020 and PA2050 has the same commit times than PA-500. This week about 8 or 9 minutes in PA-2050 for each commit. -thanks jfitz-gerald for your help but what about the origin of this topic?, could it be posible to disable shadow rules check, could it be one of the reasons for this commit times?. We know that the time depends on the size of configuration, logging, number of objects and number of rules, but often this configurations are necesary and the perception of client is a very slow system. Thanks Samuel
... View more
05-10-2012
09:01 AM
1 Kudo
Hi, regarding of the desperately slow commits in PA specially with a large number of rules and object. From our experiencie in other systems the rule shadow check is a very high CPU feature. It's sure that PA do a rule shadow and this it's in concordance with the fact that as much rules and objects you have more slow is the commit (more combinations to check) So, could it be possible to have a check before commit to have the option of no use rule shadow?. Imagine that you are change only the name of object, probably you do not need check the shadows and I suppose the commit will be faster. Anyone from PA could have the answer?? Thank you in advance. Samuel
... View more
- Tags:
- commit
04-09-2012
03:10 AM
Yes, you have to enable User Identification, not only for identify your users in Inside but to enable VPN on Outside, it is mandatory. Regards Samuel
... View more
02-03-2012
05:32 AM
Hi, if I configure VPN authentication with client certificate, it will be necesary to enter password?. I don't know if with client certificate you don't need user and password as I've seen in other scenarios. Reading documentation from Palo Alto seems that you will need only password (the name autofill with certificate), but I'm not completely sure. Thank you in advance Samuel
... View more
12-23-2011
02:22 AM
Hi, I'm using PAN OS 4.1.1 and I'm testing pan-agent and user-id agent. Actually I don't know how to delete my old user-group mappings. In CLI I type show user user-IDs and I see all the users, what I had with pan-agent and an old Active Directory and the new ones with User-IDs and new Active Directory. How could I delete the old ones?? Thank you in advance. Samuel
... View more
Labels:
- Labels:
-
User-ID
12-22-2011
07:07 AM
Hi, thanks for your reply. I supossed that, but the strange think is that I can select my groups in security policy but not in allow list of authentication Profile. Do I need to configure LDAP profile to have user-group mappings in allow list of Authentication Profile?. It seems strange to have groups in policies without LDAP profile and need it to use groups in Authentication Profile. EDIT: Hi, I've configured LDAP server profile and install User-ID (not pan-agent) in domain controller. All seems to work fine, I can create policies with users and make the filter of groups in firewall (Device, User Identification, Group Mappings), BUT I cannot select the active directory groups in Authentication Profile. How could I filter the users of Active Directory that can login in captive portal?, at the moment I only can select my local users. Thanks Samuel
... View more
12-19-2011
02:06 AM
Hi, I've PA-500 with 4.1.1 and I've configured Captive Portal with AD Authentication. Pan-agenty seems to work fine and I can select the AD groups when I configure Securtiy Policy. I've created an authentication profile only for Captive Portal with Kerberos authentication and my Domain controller as Server profile but I cannot see the groups in allow list, only can see local users. Although with all in allow list, Captive Portal authentication works fine I'm not sure if I need to configure Group Mappings but as I've read in Administrator Guide of 4.1 group mapping is configured as LDAP server, is it correct?, do I need to configure Group mapping only to have my AD groups in allow list of authentication Profile?. Thank you in advance. Samuel
... View more
11-03-2011
03:07 AM
Hi, as I've readed in release notes of 4.1 there is a new feature to use URL category in Security policies, Qos and Captive Portal but I've updated to 4.1 my PA-500 and I don't see where to configure this in security policies. Anyone has tested this feature? Thank you in advance Samuel
... View more
- Tags:
- categories
- url
09-28-2011
04:16 AM
Hi, you need SSL Proxy to unencrypt SSL and analize the traffic. It is very easy to implement. Regards
... View more
07-04-2011
12:12 AM
Hi all, and thanks for your answers. Yes, I'm asking why some Palo Alto firewalls show on Spec Sheets that IPS throughput is 1/2 than firewall throughput. I could understand that with IPS activated the performance is reduced but, for instance PA 4020 has 2Gbps of throughput and 2Gbps of threat prevention and PA4050 has 10Gbps and 5Gbps. Thats it's mean that you have to select the appropiate hardware thinking in Threath prevention throughput instead of firewall throughput?. Thank you in advance Regards Samuel
... View more
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
