Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About ccfalkner
About ccfalkner
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
06-03-2020
7Posts
0Likes
1Solution
Jun 03, 2020Last Visited
User
Activity
User
Profile
Latest posts by ccfalkner
| Subject | Views | Posted |
|---|---|---|
| 572 | 06-02-2020 12:16 PM | |
| 576 | 06-02-2020 12:12 PM | |
| 787 | 01-28-2019 11:35 AM | |
| 796 | 01-28-2019 11:24 AM | |
| 813 | 01-26-2019 04:01 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 |
User Badges
Public Statistics
| Date Registered | 11-28-2017 11:22 PM |
| Date Last Visited | 06-03-2020 05:06 AM |
| Total Messages Posted | 8 |
06-02-2020
12:16 PM
To keep the security policy list clean, it would be great if I could create a custom application and just change/add my own default ports. This way I can just re-use the application anywhere, inside of perhaps one security policy with all applications for the zone. I want full analysis of the packet, so application-override isn't appealing. Once you start adding services, you either have to have an additional policy just for your app/custom service ports, or have to research all application-default ports for all applications you add to the policy, which is tedious and less secure. Even with service groups, the complication creeps up with duplication of the policy to other areas. I haven't done a deep dive on this since PanOs 7.x, but still in 9.1, I can create an application and leave the custom signature blank without an error, but my new custom application still doesn't get any hits. Let's just say I want to use web-browsing with ports 8070, 8080 and 8090 for any similar web server throughout my enterprise. Is it possible to create a custom application for this, or any application? If not, I wish they would add that feature. Seems so logical and clean.
... View more
06-02-2020
12:12 PM
01-28-2019
11:35 AM
There we go. I was contemplating the NATing part, but didn't know how to accomplish that. Didn't think of a loopback. Excellent. I will work on that right now and make it the solution as soon as it works for me. Thanks alot.
... View more
01-28-2019
11:24 AM
To make it simpler, I was just using LDAP to authenticate my users. When I put both the users and satelites on one gateway, the verification errors out if I don't have a certificate profile. When that is added, my users error out due to not having their own certificate. For some reason, if I have two gateways, and only one authentication method is used on each, there is no configuration verification error if there is no certificate profile. There can only be one gateway on an address (you don't get the same address in the pull-down menue for the second gateway.) and you can't put the same subnet on a different interface on the same router. Therefore the need for the second VR. This is all assuming there is no better way, which I am trying to verify there is/isn't.
... View more
01-26-2019
04:01 PM
This is for a lab at the moment, but want real-world advice in case I attempt it. I had a portal and gateway setup for client SSL VPN and wanted to add LSVPN. Due to complete documents for each type of GP feature, but none combining the two, I went through many iterations of mixing the two, but always having some kind of error with needed profiles, cert errors, etc. I then tried creating two gateways, but needed to hang one (LSVPN) off of a virtual router to get an external interface/IP I could put a cert on. The single portal, two interface/cert approach didn't work for the satelite because it didn't like the shifting of the URL and gave a cert error even though the root CA cert was working for the initial cert. I then got it all to work by creating a second portal on the other virtual router with the gateway. I later switched the two, so client SSL VPN on the second router and LSVPN on the main router. I did this because OSPF can't be established between virtual routers, so the single SSL VPN subnet can easily be statically provisioned. In the end, I could have missed something and created a complex configuration I don't actually need, so I am just aksing if someone has gone through this and has a better way or some advice. Thanks.
... View more
11-29-2017
01:16 PM
That is good to hear. I specifically asked about VMotion in a support call and received the information I stated. I am glad that it is wrong. It was too simple of a problem to exist. Thanks.
... View more
11-29-2017
01:03 PM
I am new to VM series PAs and looking into how to setup HA. So it is interesting that the license is attached to the host and VM file location. Any change in this needs a re-registration of the license via tech support. Even using VMotion would trigger a need for a support call. I then assumed that I could put one VM on a separate Hypervisor in case of a hardware failure, but then while setting up HA, I checked a help screen that stated a requirement for HA is that both VMs are on the same Hypervisor. So, it sounds like this configuration is vulnerable to a hardware failure on the host, which doesn't sound like good HA to me. How is this mitigated, or am I missing something? Thanks, ccfalkner
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-03-2020
05:06 AM
|
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
