Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
About JoergSchuetter
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About JoergSchuetter
21 hours ago
110Posts
36Likes
21Solutions
Jun 12, 2021Last Visited
User
Activity
User
Profile
Latest posts by JoergSchuetter
| Subject | Views | Posted |
|---|---|---|
| 306 | yesterday | |
| 146 | a week ago | |
| 543 | 3 weeks ago | |
| 315 | 05-07-2021 11:31 PM | |
| 1990 | 04-30-2021 06:59 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 3 weeks ago | |
| 1 Like | 05-07-2021 11:31 PM | |
| 1 Like | 04-28-2021 03:34 AM | |
| 1 Like | 03-25-2021 01:17 PM | |
| 1 Like | 04-05-2021 06:21 AM |
User Badges
Community Statistics
| Member Since | 02-18-2018 07:04 AM |
| Date Last Visited | 21 hours ago |
| Posts | 110 |
| Total Likes Received | 34 |
yesterday
Hello @Dan_Swartz Did you check the routes on the client (using "route print")?
... View more
a week ago
Hello The firewall will treat a TCP session where no packet was sent for 1h as dead (and not sending a packet to client or server). If one of the participants (client, server) send a packet, it will not be allowed (no established session). With application override you could increase the timeout. If the issue still persist, changes are high it is not related to the firewall.
... View more
05-07-2021
11:31 PM
1 Kudo
Hello
If you have include routes, simply skip the exclude route for 0.0.0.0/0 in the split config.
... View more
04-30-2021
06:59 AM
Hello We still have users who receive the warning. Portal config was adjusted, GP is 5.2.5-c84. The agent log (PanGPA.log) holds the following line: <display-tunnel-fallback-notification>no</display-tunnel-fallback-notification> So I would assume, everythig is configured as required. Any idea on this?
... View more
04-28-2021
03:34 AM
1 Kudo
Hello @jesuscano Make sure that the firewall rules have a security profile where a "URL Filtering Profile" is bound. On this "URL Filtering Profile" set all categories to "alert" instead of "allow". If you don't have a URL filtering profile, create a custom URL category which matches all URLs ("*") and set this one in your URL filtering profile to alert. You will see the requested URLs in the "URL Filtering" log. If ssl decryption is not enabled, your information is limited.
... View more
04-27-2021
10:47 PM
Hello @omprasadax This mainly depends on how the routing is configured. Azure is very kind and adds routes of peered vNets and so on. Unfortunately this is not what we need when using a NVA. Check the effective route on the servers, and overwrite the routing accordingly. Asynchronous routing has to be prevented.
... View more
04-19-2021
06:27 AM
Hello @gcampbe9 I'm creating CSR in Panorama (tab: Device --> Certificate Management --> Certificate). Once the certificate is signed, upload it to Panorama and push it to the firewall node.
... View more
04-07-2021
01:38 PM
Hello @Brett-Welch Do you have a route on your internal network for 192.168.124.0/22 pointing to the firewall?
... View more
04-05-2021
12:30 PM
Hello @JoyLiu0331 PA uses wred for QoS limitation. If you have only low number of sessions within that class, the limit is less accurate. My experience with 9.1 and low number of sessions (typically only one) is that the threashold is never reached.
... View more
04-05-2021
06:21 AM
1 Kudo
Hello @Palo_lover We have three portals on one firewall cluster (with a single vsys). Every portal is bound to a different IP address. Besides that, everything is straing forward (as you indicated in your post).
... View more
03-25-2021
01:17 PM
1 Kudo
Hello @Ash2k Change the IP assignment in Azure to static (for all fw IPs). Configure the primary IP on the firewall with the correct network mask (e.g. /24). Configure all further IPs on the same NIC with /32
... View more
03-25-2021
09:54 AM
Hello @MartyMcFly Assume that you manage to finish the setup without a certificate. This would allow anyone to connect to to your environment (using whatever is granted for user pre-logon). I don't think is is a good idea.
... View more
03-22-2021
09:29 AM
1 Kudo
Hello @MMathidhanaseka You need to add secondary IP(s) to the outside NIC of the firewall. This secondary IP needs to have a public IP attached. Add the private secondary IP to the outside NIC of your firewall (but ensure it is a /32). NAT access to private secondary IP (the firewall does not know anything about the public IP) to the real server IP.
... View more
03-21-2021
01:53 PM
Hello @OsamaKhan If renaming fails, did you try to keep the name, unbind the nodes, bind the nodes with the correct template? Joerg
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
21 hours ago
|
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
