This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About k.truex
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About k.truex
08-15-2023
9Posts
1Like
0Solutions
Aug 15, 2023Last Visited
User
Activity
User
Profile
Latest posts by k.truex
| Subject | Views | Posted |
|---|---|---|
| 4789 | 10-09-2018 08:46 AM | |
| 4968 | 10-05-2018 10:23 AM | |
| 3012 | 10-05-2018 10:09 AM | |
| 3027 | 09-27-2018 09:50 AM | |
| 3115 | 09-27-2018 09:37 AM | |
| 2083 | 08-16-2018 12:22 PM | |
| 2096 | 08-16-2018 09:45 AM | |
| 1916 | 05-29-2018 03:24 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 10-09-2018 08:46 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes | |||
| 2 Likes | |||
| 2 Likes | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 03-29-2018 08:43 AM |
| Date Last Visited | 08-15-2023 02:58 PM |
| Posts | 9 |
| Total Likes Received | 1 |
10-09-2018
08:46 AM
1 Kudo
A bit busy with IT chaos, but nothing changes... the logs dont lie. Client side logs showed a different story, PAN side logs looked as if user was closing the connection "but super quick". Client side, something looked as if the cert chain is/or was broken. User? Desktop security? OS Updates? Who knows? But... User on the client side is kjetbd "knows just enough to be dangerous", and we pulled their pc. We're are pretty locked down on the machine side, but sometimes that breaks things. So I'll update with the outcome, here's what I was seeing. (T9288) 10/04/18 15:40:51:561 Debug( 519): pManualGateways->RemoveAll() (T9288) 10/04/18 15:40:51:561 Debug(1155): message did not contain gateway-list. (T9832) 10/04/18 15:40:51:563 Debug(3374): OID is (null) (T9832) 10/04/18 15:40:51:563 Debug( 403): force 1.2 (T9832) 10/04/18 15:40:51:563 Debug( 370): set WINHTTP_OPTION_SECURE_PROTOCOLS (T9832) 10/04/18 15:40:51:563 Debug( 440): REUSE, set context=0000000002C1F6C0 (T9832) 10/04/18 15:40:51:563 Info (2523): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_HANDLE_CREATED, this=0000000002C1F6C0) (T9832) 10/04/18 15:40:51:563 Debug( 479): REUSE, new session 0000000002C6F080, m_server=x.x.x.x, port=443 (T9832) 10/04/18 15:40:51:563 Info (2523): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_HANDLE_CREATED, this=0000000002C1F6C0) (T9832) 10/04/18 15:40:51:563 Debug( 622): setReceiveTimeOut, set time out to 30000 ms (T9832) 10/04/18 15:40:51:563 Debug( 669): setConnectTimeOut, set time out to 30000 ms (T9832) 10/04/18 15:40:51:563 Debug( 652): kerberos, set HTTP_OPTION_AUTOLOGON_POLICY success (T9832) 10/04/18 15:40:51:563 Info (3472): winhttpObj->SendRequest, first try (T9832) 10/04/18 15:40:51:563 Info (1365): winhttpObj, SendRequest, bIngoreClientCert=0 (T9832) 10/04/18 15:40:51:563 Info (2523): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_RESOLVING_NAME, this=0000000002C1F6C0) (T9832) 10/04/18 15:40:51:563 Info (2523): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_NAME_RESOLVED, this=0000000002C1F6C0) (T9832) 10/04/18 15:40:51:563 Info (2523): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_CONNECTING_TO_SERVER, this=0000000002C1F6C0) (T652) 10/04/18 15:40:51:636 Info (2523): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_CONNECTED_TO_SERVER, this=0000000002C1F6C0) (T9832) 10/04/18 15:40:51:663 Debug(3848): send alive message now 3 (T9288) 10/04/18 15:40:51:663 Debug( 517): Command = <request><type>pan_msg_ping</type><result>3</result></request> (T652) 10/04/18 15:40:51:970 Info (2523): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, this=0000000002C1F6C0) (T652) 10/04/18 15:40:51:970 Info (2536): winhttpObj, dwCertError is: (T652) 10/04/18 15:40:51:970 Info (2540): WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA (T652) 10/04/18 15:40:51:970 Info (2523): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, this=0000000002C1F6C0) (T652) 10/04/18 15:40:51:970 Debug(2604): WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, error=12175, result=5, dwCertificateError=8 (T9832) 10/04/18 15:40:52:063 Info (1433): winhttpObj, get WINHTTP_CALLBACK_STATUS_REQUEST_ERROR (T9832) 10/04/18 15:40:52:063 Info (1435): winhttpObj, ERROR_WINHTTP_SECURE_FAILURE set (T9832) 10/04/18 15:40:52:063 Error(1460): error = ERROR_WINHTTP_SECURE_FAILURE (T9832) 10/04/18 15:40:52:063 Debug( 887): Server x.x.x.x cert chain has been created. (T9832) 10/04/18 15:40:52:063 Info ( 905): Server x.x.x.x cert verification result is 0x1010040 (T9832) 10/04/18 15:40:52:063 Debug( 908): No mechanism to check server x.x.x.x revocation (T9832) 10/04/18 15:40:52:063 Debug( 925): Check server certificate revocation returns TRUE (T9832) 10/04/18 15:40:52:063 Debug(1020): The length of the serialized string is 1019. (T9832) 10/04/18 15:40:52:063 Debug(1038): The encoded element has been serialized. (T9832) 10/04/18 15:40:52:064 Debug(1056): SerializeServerCert(): wrote 1019 of 1019 bytes to file C:\Users\Administrator\AppData\Local\Palo Alto Networks\GlobalProtect\ServerCert.pan. (T9832) 10/04/18 15:40:52:064 Debug(3665): return string CERT_ERROR=00000008 (T9832) 10/04/18 15:40:52:064 Info (2523): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_HANDLE_CLOSING, this=0000000002C1F6C0) (T9832) 10/04/18 15:40:52:064 Debug(2622): handle 02c1fbd0 closed (T9832) 10/04/18 15:40:52:064 Debug(2626): REUSE, request closed (T9832) 10/04/18 15:40:52:064 Info ( 575): wait for closing callback success! (T9288) 10/04/18 15:40:52:064 Debug( 517): Command = <request><type>https_request</type><result>CERT_ERROR=00000008</result></request> (T9288) 10/04/18 15:40:52:064 Debug( 959): status message received from the service:
... View more
10-05-2018
10:23 AM
Weird one here, I have many remote users, all over, experiencing no issues. But... I have one user which when the user connects, he successfully connects but as quick as he auth's, he gets disconnected. Reason "client logged out". In which he does not logout, his side just never connects. + HQ is in Nor Cal, user is in Florida + User only uses "ya I know" ATT Iphone to tether or starbucks/Applebees/ATT hotspots... yes... really + User was a network admin in 2000.... so you know what type of user I'm dealing with.
... View more
10-05-2018
10:09 AM
So found I the problem, or "more of a design issue". The dynamic vpn setup on my branch side, is the issue to the vendor. I relized that when settting up a direct connection from branch to vendor. The vendor does not support Nat-T!!!! Doh!!!! Which is why I would see the out bound encaps but no decaps back on the HQ side. Back to the drawing board... Hopefully this stops someone form spinning their wheels
... View more
09-27-2018
09:50 AM
Just found this, which Im spot on. I do worry that my vendor side might be incorrect https://live.paloaltonetworks.com/t5/Configuration-Articles/How-To-Connect-2-Branch-Locations-to-Connect-through-HQ-Site/ta-p/62643
... View more
09-27-2018
09:37 AM
Currently Im labing a situtation where I'll need to have branch users route to a vendor through HQ via IPsec tunnels. Users at my banch access can acesss Web/HQ services though the HQ firewall, but when accessing the vendor. Logs show from HQ the attempts to the vendor from the branch office. But nothing but incompletes/aged-out. From HQ, I do see active connections for phaseII for the branch/vendor connection but of course no encap/decaps. Also I do have redistrabution profiles for Branch and Vendor connections on the HQ firewall. Thoughts?
... View more
08-16-2018
09:45 AM
As of late, Ive been seeing more and more xps file types tied to phishing attempts. PAN does catch it "Microsoft Phishing Site Detection", but as a for production. XPS files are not needed. But as simlar files types are list to be blocked "pdf's, etc", theres no option to block XPS file types? Could this have been added in a certain OS version? Suggestions? Example of whats being seen: https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/
... View more
05-29-2018
03:24 PM
Currently I have 2 HA'd 3020 on 8.0.0 code. I have SSL vpn setup using globalprotect with LDAP. Also having implemented User-id for policy access. All this is working. My problem is, when users access the network over globalprotect. Those users miss the rules created based on the "domain\user" and are only seen as "user". Now if the user accesses a server, service, drive, etc, the user will then have the correct "domain\user". This then forcing the user to use the correct rule set. But if the users dont access any AD services, they will then be forced to a "non user id" rule. Is there a way to append the "domain\" to globalprotect users? Would it be better to just segement globalprotect users? This seems to double the work and a bit mundayne.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-15-2023
02:58 PM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks