Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About JoergSchuetter
About JoergSchuetter
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
11 hours ago
80Posts
26Likes
18Solutions
Jan 17, 2021Last Visited
User
Activity
User
Profile
Latest posts by JoergSchuetter
| Subject | Views | Posted |
|---|---|---|
| 49 | 15 hours ago | |
| 40 | Friday | |
| 155 | 2 weeks ago | |
| 314 | 4 weeks ago | |
| 169 | a month ago |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | Friday | |
| 1 | 4 weeks ago | |
| 1 | 10-13-2020 02:50 AM | |
| 1 | 08-04-2020 09:56 PM | |
| 1 | 07-23-2020 11:48 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 | |||
| 8 |
User Badges
Public Statistics
| Date Registered | 02-18-2018 07:04 AM |
| Date Last Visited | 11 hours ago |
| Total Messages Posted | 85 |
| Total Likes Received | 26 |
15 hours ago
Hello We are facing a strange issue on a small number of notebooks (Windows 10). When the user connects via VPN, the user seen (and used) in GlobalProtect does not match the logged in (Windows OS) user. If he clicks on "logout user", the wrong user will be used again (no popup window where the user is asked to enter a different user). All the "sticky" users belongs to users with local administrative permissions on all of these devices. These administrative users have installed/staged the notebooks and handed them over to the "normal" users once done. The credentials could not be found in the credential manager of Windows (neither of the "normal" nor of the "administrative" user). Any idea how this could be solved (besides re-installation of GlobalProtect)? Best Regards Joerg
... View more
Friday
1 Kudo
After upgrading to GP 5.2.5 (guess it's related to GPC-12066) the issue is no longer happening, waiting for confirmation from PA (case is open),
... View more
2 weeks ago
I did a few more tests. - add a bogus DNS entry (bogus-host.skype.com) to my DNS server (pi-hole) - verify DNS resolution on the DNS server itself (outside of my GP-controlled notebook) - apply "ipconfig /flushdns" before every ping request ipconfig /flushdns & ping www.skype.com & ipconfig /flushdns & ping bogus-host.skype.com & ipconfig /flushdns & ping www.skype.com - ping www.skype.com --> delay of ~12 seconds until ping starts - ping bogus-host.skype.com --> ping starts without delay The same happens with another domain. pinging www.something starts after ~12 seconds, other hosts start without any delay. The issue is gone once I disable GlobalProtect. I'll raise a ticket w/ Palo Alto and see if there is an explanation for this.
... View more
4 weeks ago
1 Kudo
Hello We need to test MS-Teams. hence I did a few tests with split DNS. The published manuals (e.g. https://live.paloaltonetworks.com/t5/general-articles/globalprotect-optimizing-office-365-traffic/ta-p/319669) are fine, as long as the VPN gateway is "near". In our case the user is located in South Africa, and the VPN gateway is in northern Europe. The DNS requests are sent to the DNS server in northern Europe, and the reply does not provide the nearest entry-point into the Microsoft backbone. To fix that issue, I want to send some DNS requests to the users DNS server in his/her home network. Adding "*.skype.com" to Split Tunnel -> Domain and Application -> Exclude Domain and setting App -> Split-Tunnel Option to "Both Network Traffic and DNS" enabled the function. Unfortunately the experienced time for the DNS resolution will become much higher. "ping www.paloaltonetworks.com" starts immediately "ping www.skype.com" takes ~12 seconds to start I guess that GP simply blocks the DNS requests for www.skype.com (wireshark didn't show these DNS requests via the GP tunnel), so the client has to wait for the DNS timeout until it asks the local DNS server. Is this the expected behavior? PAN-OS 9.1.7 GP 5.2.4 Windows 10
... View more
- Tags:
- split DNS
a month ago
Hello @Erasmo If the traffic via DirectAccess to the server passes the firewall without inspection, you could disable inspection via GlobalProtect as well to compare the performance. Consider to enable inspection after your tests. Another parameter which is worth being checked is the MTU. Set the MTU on the tunnel interface (where GP terminates) to 1300.
... View more
12-11-2020
04:53 AM
Hello @mylimo456 Did you check the events on Azure regarding the network interfaces? How long did you wait?
... View more
11-26-2020
04:25 AM
Hello @sampley I have the same setup (GP 5.2.4, Win 10 1909), but can't reproduce the issue. It might be worth checking the logs of GP (PanGPS, PanGPA).
... View more
11-22-2020
11:57 PM
Hello @Jafar_Hussain Not sure if this only a copy-paste issue. The BLOCK IP URL starts with "*.". The objects do not hold the scheme (http, https, ...). So the URL should simply be "192.168.1.50/"
... View more
11-19-2020
10:23 PM
Hello @tejasmapuskar You need to make your panorama available via the Internet, filter access very tight. Now you need to grant the public IPs of your firewalls management interface to have access to panorama. The firewalls on cloud need to be told to communicate with the public IP of panorama.
... View more
11-16-2020
03:31 AM
Hello @Jonathanct Since it's a URL based edl, you have to use it with "Service/URL Category".
... View more
10-31-2020
10:24 AM
Hello @Marsooq_A Even if you set action to allow, it will not be allowed (due to the security profile set to block). You can see it similar as having a security policy allowing the access, but the virus filter will block if a virus is found.
... View more
10-30-2020
04:33 AM
Hello @Marsooq_A Can you try to - set action to allow - set all to "block" on security profile URL filtering It might be necessary to have SSL decyption active as well.
... View more
10-13-2020
02:50 AM
1 Kudo
Hello @ManuShankar You could use DNS Proxy here. The DNS Proxy service is mainly forwarding the requests from GP users (keep in mind to update the GP profile as well) to your internal DNS server. But you are able to overwrite some host entries.
... View more
09-25-2020
12:26 PM
Hello @AvinashKukkapalli We had the same issue. For one, it could depend on the software version of Zapp (ask your Zscaler TAM). In addition to this, it was also caused by interface priority (especcialy in combination with HyperV).
... View more
09-24-2020
09:50 AM
Hello Are you using Tunnel-2.0 w/ Zscaler? Did you add all ZENs to the split tunnel?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11 hours ago
|
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
