Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About JanisM
About JanisM
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
10-28-2014
12:35 AM
rgreens, have you tried to exempt this threat if you consider it safe?
... View more
01-24-2014
12:05 AM
We got similar errors on PA500 device using 5.0.6 version. " debug software restart management-server " usually helped to get rid of this stuff for a while. Then it creeps back again. Local manager recommended to upgrade RAM, did that, also upgraded to 5.0.10 and so far I have not encountered this error so far. Will see, because usually it takes few weeks after management restart to accumulate errors again.
... View more
11-04-2013
01:51 AM
I'm practicing necromancy by bring up this old post of mine. Then I settled with using proxy and all is acceptable, but for some trial time i got an CheckPoint SG80 device with OS version R75 with plans to get the same - get all traffic trough VPN so users behind CP device can use Web apps with PA external IP. Creating VPN is easy, bet when i active on CP "Route all traffic trough this site" and set proxy ID on PA like local: 192.168.0.0/24 and remote: 0.0.0.0/0 tunnel partially goes down. I can ping from PA to CP, but can't ping from CP to PA. System log shows, where *.*.*.118 is CP external IP: Does this "error" shows that computer behind CP is sending dns requests to google dns server but PA does not know what to do whit that? What would be proxy ID if on the other side would be an PA device with config like VinceM previously given?
... View more
06-07-2013
04:46 AM
I played a little with proxy ID's on both sides (changes sources, destinations and stuff), but with no real result. What would be the correct way to configure such thing if i would have PA devices on both sides? Maybe according to such configuration, i could get to work that mikrotik router and see if i did something wrong in previous config tests.
... View more
06-06-2013
06:29 AM
In PA side, i have interface, that is dedicated for VPN and policies that provides access to internal resources: VPN_POLICY - LAN_POLICY and rule for access to internet (if its correct): VPN_POLICY - WAN_INTERFACE. As goes for NAT rules or any other configuration besides IPSec's on Mikrotik side, i will add some pictures. Route is default to provide that connection works. pics ->here<-
... View more
06-06-2013
04:46 AM
Hello. We have a few IPsec S-2-S tunnels with different devices on other side and all works nice, but in one of them is required, that users on other side can use internet resources (to get this sides WAN IP address and access few web systems that with restricted usage by IP's) trough main office. What would be the correct or at least theoretical configuration to get such thing work? I've done some sloppy testing with routes but usually connection and tunnel just drops dead or nothing happens. One way, of course, is proxy (install local server on main side and just configure other sides browsers network configuration) and it's the easy way for me, but not for the users. They would have to turn proxy settings on or off, it they wanted to use their local internet resources for casual internet browsing. Device on other side is a Microtik router. Besides that, tunnel works nice. I can join domain and do stuff as usual.
... View more
- Tags:
- ipsec
05-20-2013
06:07 AM
It seems I have similar problem. While I was on 4.1.9, I had ssl dependency error on one application while commiting, but I ignored it because I planned to upgrade to 5.0.4 soon. Now my PA500 is on 5.0.4. and while testing I got such errors on every app that needs dependencies. And if i choose only, let's say google-earth, without needed web-browsing dependency - error on commit and google-earth does not work properly.
... View more
12-04-2012
11:16 PM
What i really would like to see in PA device is usable DLP. A few days ago i powered up old fortigate device and damn their DLP is quite nice to work with. They even had a chance to search for keywords in mail subject or body.
... View more
11-20-2012
01:04 AM
We have security rule where users IP segment is File Blocking profile dll,exes msi, whatever you need is in block action. There are few apps that now and then have to download some updated dll files. For that there is rule that sits before global user IP segment rule, that allows dll from specific IPs. If dll is downloaded from other site, it is blocked (for you instead of IP, you could have app, url category etc).
... View more
11-14-2012
04:22 AM
it seems that adding brightcould app to allowed apps group resolved that error for me. But it just depends in what IP segments your management consoles address is and if it it shares that segment (and what policies) with something else For me - problem resolved
... View more
11-12-2012
06:00 AM
I'm getting the same error, but i still have to check some things before starting to point with fingers (i got new machine, had to move config from old one and all is not as it should be in dynamic updates, but that should be fixed tomorrow)
... View more
Monday
11Posts
0Likes
1Solution
Mar 30, 2020Last Visited
User
Activity
User
Profile
Latest posts by JanisM
| Subject | Views | Posted |
|---|---|---|
| 781 | 10-28-2014 12:35 AM | |
| 360 | 01-24-2014 12:05 AM | |
| 364 | 11-04-2013 01:51 AM | |
| 364 | 06-07-2013 04:46 AM | |
| 364 | 06-06-2013 06:29 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 5 | |||
| 4 | |||
| 2 | |||
| 3 | |||
| 4 |
User Badges
Public Statistics
| Date Registered | 08-28-2012 05:38 AM |
| Date Last Visited | Monday |
| Total Messages Posted | 11 |
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Monday
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
