This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About CARRIERJerome
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About CARRIERJerome
10-06-2021
14Posts
1Like
0Solutions
Oct 06, 2021Last Visited
User
Activity
User
Profile
Latest posts by CARRIERJerome
| Subject | Views | Posted |
|---|---|---|
| 1861 | 07-02-2020 11:47 PM | |
| 1885 | 07-02-2020 01:57 PM | |
| 1930 | 07-02-2020 08:08 AM | |
| 3303 | 01-28-2020 11:01 PM | |
| 3354 | 01-28-2020 12:24 AM | |
| 3005 | 10-03-2019 11:47 PM | |
| 3046 | 10-03-2019 06:36 AM | |
| 1877 | 06-21-2019 12:31 AM | |
| 1969 | 03-26-2019 11:43 PM | |
| 2066 | 03-12-2019 02:02 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 03-05-2019 12:50 AM |
User Badges
Community Statistics
| Member Since | 03-14-2018 02:02 AM |
| Date Last Visited | 10-06-2021 03:11 AM |
| Posts | 14 |
| Total Likes Received | 1 |
07-02-2020
11:47 PM
I forgot to precise : our application uses differents port such as application1.intra.domain.corp/8085/toto, or application1.intra.domain.corp:8585/titi or application1.ext.domain.corp/8085/toto.. BR
... View more
07-02-2020
01:57 PM
Hello My goal is to create an generic signature because my application has not always the sale fqdn but I have always the /toto or /titi after (application1.intra.domain.corp/toto, application1.intra.domain.corp/titi, application1.ext.domain.corp/toto,...). Is it possible and how I can create a signature based on *.intra.domain.corp/toto or *.intra.domain.corp/titi or *.ext.domain.corp/toto? BR
... View more
07-02-2020
08:08 AM
Hello For the same application, I have several links and ports (https://application.intra.mydomin.corp:8530/toto, https://application.intra.mydomin.corp:8130/titi, https://application.mydomin.corp:8530/toto,..) and I would like to create a rule and specify the application and not a rule based on the protocol. How I can create a custom application who match with my example ? BR
... View more
01-28-2020
11:01 PM
Hello I restarted completly Panorama but the problem is not solved. Regarding licenses, All firewalls managed by Panorama have a valid license avalaible untile the end of this year. When I go to "Device Deployment / Licenses", I see for each firewall that licenses have been updated and valid until 2020/12/31. When I'm connected directly on the GUI of my firewalls, I'm able to download and install antivirus, threat.... When I'm connected on Panoroma, at "Device Deployment / Dynamic Updates", I start "Check now", I have no error message, the last checked information of antivirus , application and Threats section is updated... but the "Antivirus" or "Application and Threats" definition are not up to date and still blocked on version of middle of December... BR Jerome
... View more
01-28-2020
12:24 AM
Hello I use Panorama to manage my firewalls, I configured Panorama for Dynamic updates (antivirus, Application & Threats) but, when I go to "Device Deployment / Dynamic updates", all versions are in middle of December 2019. When I "check now", I have no issue about an connection error but the new version of antivirus, App & Threats are not up to date. Even if I try to upload manually the latest version, I have no error but I don't see the version uploaded in the list. If I try directly on my FW to check if new version is avalaible, it's working. Do you have an idea why from Panorama, I can't see the latest version of updates ? BR
... View more
10-03-2019
11:47 PM
Hello I desactivated the server response on the Policy Rule (policy rule to allow SMB access) but without any change about the performance. When I copy a file between 2 servers under the same zone (prod-servers), there is no bad performance but when I copy the same file between to differents zones (users to servers-prod), the speed for the copy is very poor.
... View more
10-03-2019
06:36 AM
Hi I have a firewall configured with different zones (users, servers-prod, servers-dev). At network configuration level, 4 network interfaces are linked to 1 aggregate group and under this aggreate group, I have on subinterface linked with each secuirty zone (ae1.1 for users, ae1.2 for servers-prod, ae1.3 for servers-dev). The 4 interfaces of the Palo Alto are connected on a Cisco stack with aggregate configuration on the Cisco. My problem is : when I start a copy between 2 servers hosted in servers-prod zone, 1 have a good speed for the copy but when I try to copy the same file between users to servers-prod, the speed of the copy is bad. Do you have an idea about this performance issue ? BR
... View more
06-21-2019
12:31 AM
Hello I would like to have advices regarding firewall rules. I'm deploying a PA-3220 on my main site (site A). On this main site, I have several zones configured on my PA3220 (user, servers, dmz Intranet,). I have also 5 remote sites. I must create a rule to allow small sites and users & servers zone configured on my main site (site A) to reach our DMZ Intranet zone . What is the best approch to create a rule ? Is-it to create a first rule (wich rule name ?) to allow remote site to Intranet zone on site A and a second rule to allow the the local zone (user, server) to reach Intranet ? Is-it to create a single rule with, in source zone, the WAN zone (remote site) and local zone (user, servers) and destination my DMZ network in the Intranet zone ? And is-it a problem if in source zone, I have a mix of WAN access (for traffic coming from my remote site) and local site (user, servers) for traffic coming from these local zones ? BR
... View more
03-26-2019
11:43 PM
Hello Is Userd Identification feature works only whith Active Directory users account or also with Computers accounts ? I would like to create a security rule who allow access on our internal ressources only for computer with an active computer account in our AD and for computer without an valid computer account or disable account, the traffic must be blocked. BR
... View more
03-12-2019
02:02 AM
Hello I plan to put in place a SSL decryption rule to decrypt ssl traffic (SSL forward proxy). But I don't want decrypt traffic for several categories of website such as financial (bank website). I haven't the URL filtering license. I create a first rule "Do not decrypt" where I specify "Financial-services" in the URL category but when I test and reach a bank website, the certificate has been replaced by the certificate confiuged for decryption. Is-it because I haven't the URL filtering licenses ? And if I create on PA an URL category "Do-not-decrypt" with bank website used for the test and add this custom category in the rule "Do not decrypt", the website is not decrypted. Do you know where I can find a list of bank site to be imported in the URL category created ? BR
... View more
03-05-2019
07:28 AM
Hello First, I imported on the device the root-ca certificate. After, I generated a new certificat and specify External Authority in the option Signed By. After, I exported the CSR and I validate the CSR on my PKI server. I exported the certificate from my PKI server as a based-64 format and import the certificate in the device (without error). But I can't select the option "Forward Trust Certificate" on the certificate information. BR
... View more
03-05-2019
12:50 AM
1 Kudo
Hello I try to configure the ssl decryption on my cluster of PA-220. I have an internal PKI based on Microsoft solution. On the first node, I'm able to generate the request, the csr has been validated by the PKI server and I'm able to export from the PKI the certificate (base-64 encoded). I'm able to import the certificat in my PA-220 device without error but when I try to enable " Forward Trust Certificate" and "Forward Untrust Certificate" options, I can't select these options. Why these options are not available ? BR
... View more
11-23-2018
12:00 AM
Hello Thank's for your anwser. To be sure to understand, if I have the following hiearchy on the Device Group : Company FR - Paris - Toulouse DE - Munich Your recommandation is to create object with the "shared" option validated and the location of the objet is "Shared" or to create object in "Company" DG without "shared" option validated and in this case, the object is created with "Company" location, and as it's the top of the DG hiearchy, this object will be avalaible in the other DG (FR, Paris, Toulouse, .. ) ? BR
... View more
11-22-2018
09:04 AM
Hello I start the Panorama configuration and I created Device Group. My device group are based on our site location : FR - Paris - Toulouse I would like to know the best way for the configuration. If I create objects in Paris DG (object to define Paris's local networks and servers) and I create also objects in Toulouse DG (object to define Toulouse's local network and servers), I can create a rule in Toulouse for exemple to allow LAN network to request server in Paris. In destination, I can't select the objet define in Paris to define a network located in Paris's site. What is the best way to manage this type of configuration ? Create all objects in share DG ? BR Jerome
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks