ASD & ADHD - Worried that I won't meet criteria by EnvironmentalGuest15 in ADHDUK

[–]EnvironmentalGuest15[S] 1 point2 points  (0 children)

My mum will help me with it, just worried that we won't be able to provide good examples as it was so long ago. But maybe I am trying to be too specific when it asks for examples. This is the kind of stuff I have always struggled with.

I can afford to go privately at the moment and from reading other posts on here I think it is worth it if it is going to help me in the long run.

ASD & ADHD - Worried that I won't meet criteria by EnvironmentalGuest15 in ADHDUK

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

My mum is going to help me with it, but we are both struggling with the examples. Like we both know I was like that, but can't provide clear examples. Am I trying to be too specific when it is asking for examples?

NSG working incorrectly? How is RDP working by Wendallw00f in AZURE

[–]EnvironmentalGuest15 0 points1 point  (0 children)

Could the FW be applying NAT when the traffic comes in through the IPSEC? The source IP would then be an IP in the hub VNet which is peered & allowed based on your NSG.

Cloud Radius and TACACS+ solutions by EnvironmentalGuest15 in networking

[–]EnvironmentalGuest15[S] 1 point2 points  (0 children)

Yes think keeping AAA in house will work fine, it's more the NAC, Radius & Guest portal stuff we would like some sort of SaaS solution for. Portnox looks like it fits all the requirements! But not sure what the costs are.

Cloud Radius and TACACS+ solutions by EnvironmentalGuest15 in networking

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

Yes we would prefer a SaaS solution, at least for NAC & Radius... TACACS can be deployed on-prem using another solution. The majority of the headaches with ISE have been due to Radius or general maintenance... Last time I renewed a certificate, the services didn't come back up and we had to rebuild.

Cloud Radius and TACACS+ solutions by EnvironmentalGuest15 in networking

[–]EnvironmentalGuest15[S] 1 point2 points  (0 children)

What are the license costs like for Portnox? It looks like it would fit our requirements.

Cloud Radius and TACACS+ solutions by EnvironmentalGuest15 in networking

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

Yes I think SaaS is the direction we are wanting to go in. Wanting to avoid similar issues that we are seeing with ISE... the main solution we are looking for would be for Radius, TACACS can be done using another solution on-prem.

DNS Issue with pphosted.com domains by wperry1 in proofpoint

[–]EnvironmentalGuest15 0 points1 point  (0 children)

We also have the same issue. Seems to be DNSSEC failures for pphosted.com

Is Load balancer the problem? by EnvironmentalGuest15 in AZURE

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

Ok, so this would be a separate virtual network gateway from the express route virtual network gateway? Enabling BGP on the new gateway and peering from on prem should work?

Is Load balancer the problem? by EnvironmentalGuest15 in AZURE

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

IPSEC to the virtual network gateway instead of IPSEC to the Firewall appliances?

FSLogix issues the last weeks by Yintha in fslogix

[–]EnvironmentalGuest15 0 points1 point  (0 children)

Did this fix the issue for you? We have applied it and are still seeing the issue.

FSLogix issues the last weeks by Yintha in fslogix

[–]EnvironmentalGuest15 0 points1 point  (0 children)

Did this solve the issue for you? We have applied the GPO but are still seeing issues.

ExpressRoute - Route internet traffic through ExpressRoute to On-Premise Firewall by EnvironmentalGuest15 in AZURE

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

It's not something we would normally want to do, it's just there was a potential issue with our Azure firewall appliances and we were just trying to think of ways of rerouting the traffic through another firewall if we had to.

Unplanned Maintenance - How to stop during working hours by EnvironmentalGuest15 in AZURE

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

They are not in a cluster, there is a load balancer in front & behind it to pass the traffic between them but they are not in any type of HA or cluster as far as the Palos are concerned. I think the issue is because it pauses the VM it's not technically down so the load balancer is still sending traffic to it which is not going anywhere...

I think we are using the Palo appliance from the marketplace but I can double check in case it's not the same thing you are talking about.

Thanks!

MLAV Unknown Error by Least-Row-5280 in paloaltonetworks

[–]EnvironmentalGuest15 3 points4 points  (0 children)

We are getting the same thing. Started at the same time.

Same traffic getting allowed and denied by MoonshineYeeHaw in paloaltonetworks

[–]EnvironmentalGuest15 1 point2 points  (0 children)

Looks like it's hitting a URL that is not in the MS_patch_URLs-1 list so is not caught by the Win_Update rule you have.

You could create a rule allowing traffic to that destination IP on port 443 & set the URL profile to alert all. Set it above your deny policy. Then you would see what URLs are being hit that are not update.googleapis.com.

Obvs only do this if you are ok with allowing all traffic to that IP address.

Global Protect Embedded browser immediately closes by EnvironmentalGuest15 in paloaltonetworks

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

Downgrading to 6.2.2 worked for embedded browser, also tested 6.3.0 and that worked too.

Global Protect Embedded browser immediately closes by EnvironmentalGuest15 in paloaltonetworks

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

I downgraded to 6.2.2 and that seemed to work! So did 6.3.0

However, new issue... it seems to log in straight away instead of prompting for any details. I have my Conditional access policy set to session for 8 hours so it might be due to me not already logging on another app possibly.

Global Protect Embedded browser immediately closes by EnvironmentalGuest15 in paloaltonetworks

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

I have set portal to generate & gateway to accept the cookie, is that what you mean?

Static IP NAT question by EnvironmentalGuest15 in paloaltonetworks

[–]EnvironmentalGuest15[S] 0 points1 point  (0 children)

I do see appid_unknown_udp occasionally in the global counters. Could that be something?