Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- ›
- About knutelde
About knutelde
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
08-18-2015
13Posts
0Likes
1Solution
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by knutelde
| Subject | Views | Posted |
|---|---|---|
| 4225 | 02-09-2014 09:53 AM | |
| 878 | 02-09-2014 04:19 AM | |
| 1501 | 09-14-2013 11:57 AM | |
| 1501 | 09-09-2013 09:35 AM | |
| 1734 | 09-09-2013 06:13 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 3 |
User Badges
Public Statistics
| Date Registered | 01-01-2013 10:54 AM |
| Date Last Visited | 08-18-2015 09:06 AM |
| Total Messages Posted | 14 |
02-09-2014
09:53 AM
hi bdeschut I have already found the same descriptions that you have in the PANOS docs, but how are palo alto devices then meant to protect against virus and malware\spyware, coming into the network from peoples personal webmails and other personal apps using pop3 or IMAP ? are there no solution to use palo alto devices to stop virus that comes with trafic using these protocols ? Is it simply a matter of totally blocking everything that has to do with pop3 and IMAP, from entering the network ? there must be a way to filter and protect users even if they are using these protocols, or m I wrong ?
... View more
02-09-2014
04:19 AM
yes but the actual problem here is that decyption does not work for all parts of for example dropbox, linkedIN and others. so if you want your users to have access to these applications, then decypt is not an option (as far as I know) and thus controlling the application is not that straigth forward as it could have been, if decyption had worked.
... View more
09-14-2013
11:57 AM
HI, yes I have also found anothwer app vpncilla that connects fine, and I think it is sad that their android client is restricted to portal license users, a lot of users, like my company uses global protect, witout having or need ing the rather expensive portal license. andnothing good for linux wich is my main problem, native cisco with x auth does not work so good, and it uses broken security encryption. besides palo alto does not support this, saying its not their native solution like global protect client for windows or ios. like I said it have been on their roadmap for years and I am surprised, that we havent seen it yet
... View more
09-09-2013
09:35 AM
yes this seems very strange to as well, linux are an important part of many back bone and end users OS systems (i have been told that PA is built on centos linux distr for example) and there are estimates ranging between 25 and 50 mil linux users worldwide. For android I have seens estimates ranging from 40 - 60% of the global smartphone market, wich is double the number of iphone users, yet there is a iphone client from PA. To me it just does not make sense. I have seen in several discussions here that these clients have been placed on the roadmap for PA development, but not for long yet it seems.. Is palo alto really satisfied with leaving this many users without a good and supported native solution ???
... View more
09-09-2013
06:13 AM
hi is there any good alternatives out there for connecting linux and android clients to global connect\PA native IPsec vpn ?? And I DO NOT mean that native cisco is OK, the encryption used here has been broken for several years,and are not designed for either linux or android, and in many cases it does not function well
... View more
09-09-2013
05:52 AM
Thx Kunal, it did not solve this case, it was only a matter of old\filled up ARP tables, because a reboot of ISP router and PA 500 made it work, but it is intresting pdfs because I configure these kind of tunells often
... View more
09-04-2013
06:46 AM
Hi I have configured an fixed IP sec VPN tunell on my PA 500. The tunell comes up OK, and I can ping an traceroute an IP adress on the network I am connectod too, through the vpn tunell. But Packet loss lies between 20 and 40 % running ping tests. We experience the same thing on both sides of the tunell. what can be wrong here, to me it seems like the vpn config is OK, but that it may be a routing or policy issue, but since 60-80% of the packets are actually coming through, then I dont think it is routing or policy either. can it be an issue with ARP tables, if so will a reeboot of the firewall help, or should I reboot our ADSL modem\internet connection ? I am not familiar with the use of "tunel monitor" - but could it be a solution there ? knut
... View more
08-12-2013
04:45 AM
CASE SOLVED !! with the help from computerlinks excellent techn. we found that there was a error in a ip adress in the policy, allowing traffic back from finland 192.168.1.0/24 range when I corrected the IP adress, it all started working thanks for all good community support and feedback !!
... View more
08-10-2013
05:18 AM
update when running cli command show running routes i got a lot of routes for the 192.168.120.0/24 range, one that looks OK, and the rest of the rutes I am not sure if they should be there (see attached screenshot) I still cant quite figute out where I can set, edit or delete routes, like you would using add route in windows cmd shell, or route add in ,linux shell ??
... View more
08-10-2013
03:53 AM
hi and again thanks for really good feedback ! comments on points above: 1) i see the routing information, both in the GP client troubleshooting tab, and in windows cmd, and there are no specific route to the 192.168.1.0 range in finland. I could add a static route to test but I am not qiute sure what to set the gateway ip to. I have tried the gateway ip adress for finland 192.168.1.1 and the GP local gw IP 192.168.120.1 locally to a latop but both failed. So I can find the routing information for a GP client, but I am not sure how I can verify if it is pushed by the gateway or not. And where can I add a route to be pushed from the gateway ? 2) both tunels are configured with the same virtual router, and a security zone. there is a policy allowing traffic from the GP zone to the ip range in finland. I cannot choose a tunell interface as a destinaton in a policy, so i allow trafic from the gp zone to the ip range in finland 3) where should I define next hop from GP range 192.168.120.0/24 - I will take a look at the Source NAT option you mantion, maybe this is the solution I am looking for. I will post back how that work out. 4) there seems to be some missing repsonse packets yes, please see my attached pictures, showing ping test, session browser and trafic monitor for both ways, working one way but not the other way 5) In PAFW we use 192.168.120.0/24 only as GP ip range, and there is one listing of this in the virtual router, it looks to me like packets are going through the default route, because it finds no match to a specific routing rule, 6) I do not get the information i need from tracert, it only shows start and end adress and start inbetween, I have attached pictures of ping and tracert tomillustrate my point.
... View more
08-09-2013
12:37 PM
update, one thing works though - teamviewer, takes the route from tunel 1 (gp tunell) to tunell 15 (fixed ip sec vpn tunell norway-finland) - that I hope the rest of the trafic from gp protect would take, but I cannot succed in accheiving
... View more
08-09-2013
12:31 PM
Hi Krpakash, and thank you for a quick and informative reply. allow me to ellaborate \ specify the details in my setup : I have one PA500, here in Norway, and we have a production office in finland. all the users are connected to the same windows active directory domain, and there is a fixed IPsec vpn tunell between offices in norway and finland. employees in both countries connect to the same global protect. global protect users have their own IP range 192.168.120.0/24 and their own security zone. in finland the local ip range are 192.168.1.0/24 I can connect from finland to global connect, for example ping from 192.168.1.4 to 192.168.120.12 but not the other way, the trafic mnitor shows the traficc beeing sent but no packets come back to me it looks like a routing issue, and that machines in the Global protect zone does not know where the packets to the 192.168.1.4 range in finland should go. but I may be wrong. all input and ideas are appreciated knut
... View more
08-09-2013
11:28 AM
hi Hardik I am running into a routing issue with my global protect clients, how can I add routes in the ruting table ?? the route I need are not there Knut
... View more
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
