About Hithead

Hi,   check the User-ID Agent logs. May the "User Identification Timeout" value is to low...       Can you please share the User-ID agent settings?   we run this settings for years, without any trouble: <timeout enabled="1" entry-timeout="840"/>     ... View more

can you please upload a screenshot of the traffic and url logs? (deny and allow case) ... View more

how is the portal configured? on-demand? ... View more

hi,   note the time and date when it happens again, collect all logs from the Client (PanGPSupport) and take a look at the PANGPS logs. May you will find something what could cause the issue...     ... View more

i have the same messages:   2016-09-27 11:02:39.493 +0200 connecting to ldap://[XXXXXX.domain.com]:636 with StartTLS... 2016-09-27 11:02:39.496 +0200 Error: pan_ldap_init_ex(pan_ldap.c:249): start_tls_s return(-1) : Can't contact LDAP server 2016-09-27 11:02:39.496 +0200 connecting to ldaps://[XXXXXX.domain.com]:636 ... 2016-09-27 11:02:39.609 +0200 ldap cfg Pan_Grp connected to XXXXXX.domain.com:636(index 0)   looks like, it tries to connect with normal LDAP:636 and then successfully with LDAPS:636.  LDAP:636 will not work... Checkbox "SSL required" is checked and it still tries LDAP:636 first... ... View more

hi,   you mean "drop"?..."block" is not available... ... View more

hi,   you can create a custom vulnerability signature to block it. But you have to Wireshark the traffic (down- or upload) with these files. In the pcap you can read out the "file-unknown-body" signature of that file which looks like \x3136977BB061728878688662\x   with this condition you can configure a pattern-match and the action to block the traffic.   More information are available here:   https://live.paloaltonetworks.com/t5/Featured-Articles/Tips-amp-Tricks-Custom-Vulnerability/ta-p/71603   https://live.paloaltonetworks.com/t5/Documentation-Articles/Creating-Custom-Threat-Signatures/ta-p/58569?attachment-id=1097   https://live.paloaltonetworks.com/t5/APIs/Custom-signature-file-upload-blocking/m-p/25448/highlight/true#M650         ... View more

first ssl and web-browsing allowed the traffic until ultrasurf could be detected...   i would suggest to block the url category proxy-avoidance-and-anonymizers ... View more

try to right click on the NIC under device manager and uninstall it with the option "delete the driver software for this device". Then remove GP. Reboot your client and try to install GP again.   Which version you are trying to install? ... View more

set the dhcp options in the registry would not help. the "true" dhcp options are set deep in "netsh". Sorry, but my skills on powershell is not good engough to write you an example.   But please find here http://www.ingmarverheij.com/read-dhcp-options-received-by-the-client/ a ps showing the DHCP options. may you can do some research with this ps script example and find a set command instead of show...     ... View more

what is the upload speed of the server and client site? ... View more

Hi,   How you imagine to build up a Client-VPN connection without any agents? PANOS requires GP for Client-VPN.           ... View more

it depends on the routing table (default gateway)... so far i know... But why running a client with two NICs? ... View more

The PA 2000 series are nightmare. I'm so lucky to get rid of it. Get in contact with PAN. May they can offer a financial solution... I know PAN is also tired to support these appliances... ... View more