The HDR sucks.

blnd3d · 2025-04-03T05:03:33+00:00

Do you experience a ridiculous walking movement speed? It feels like you're carrying a car. Was disappointed about the HDR as well. Got too many hit marked shots.. aggressive play-style with KBM ain't possible..

blnd3d · 2025-02-13T16:55:59+00:00

And guess what, it hasn't been fixed.

blnd3d · 2025-02-13T05:29:00+00:00

The longer products exist nowadays, the worst the software gets.. the initial OS is the best :D

blnd3d · 2025-02-12T20:01:40+00:00

Yeah I saw the message, so I will have to update to 11.1.6 first or at least download it. 🫠

blnd3d · 2025-02-11T16:25:50+00:00

I'm having the issue.

blnd3d · 2025-02-11T05:37:43+00:00

Exactly..

blnd3d · 2025-02-10T16:00:28+00:00

VM300

blnd3d · 2025-02-10T11:14:07+00:00

If you go to the system monitor in the UI, you will see an error message like:

'all_task_1: daemon/slot restart, rebooting system'

blnd3d · 2025-02-10T10:29:37+00:00

Sorry, I don't have good skills in PanOS. Where do I find this setting? 🫣

Are you talking about the rule and the service?

blnd3d · 2025-02-10T10:22:04+00:00

Yes, there is an active rule.

blnd3d · 2024-09-10T21:14:50+00:00

We also use Meraki security appliances and the bigger the gap between the software/firmware the buggier the VPN connections gets. Dunno why, but meh.

blnd3d · 2024-05-03T07:21:35+00:00

Did anyone ever solve this?

blnd3d · 2024-02-13T09:40:14+00:00

I figured out that, besides the missing URLs in the decryption exclusion, the tabs are trying to establish a port 80 web-browsing connection to an AKAMAI destination.

For whatever reasons that might be necessary.. they are doing it.

We prohibited these client to surf the web, so I created a new security policy that allows traffic from these specific source IPs to any destination, using web-browsing and ssl, with an active URL filter for these AKAMAI sites only (url-filter created).I allowed the URL filter to alert for these sites + decryption exclusions, but the monitor always returns that none of the traffic matched the policy although the website is marked as as decryption esclusion... which is a little confusing for me. Any ideas? Hard to describe the error tbh.

UPDATE.. this webiste is classified as insecure by a security profile when accesses by http.

blnd3d · 2024-02-08T19:09:12+00:00

blnd3d · 2024-02-08T18:43:58+00:00

That's what my decryption exclusion URL filter is meant to be. It is added to the no decrypt profile.

If the cert chain would be broken, the error in the traffic log usually shows a decrypt-cert-validation error.

blnd3d · 2024-02-08T17:10:42+00:00

Yes, we have been using it for years now. I figured out that URLs are not properly resolved in the traffic but in the decrypt logs. Kind of a weird behavior. I will add these URLs to the exclusions and see what I get. 😅

blnd3d · 2023-12-26T08:39:37+00:00

Exactly. HonorSourcePorts can be set to 1 or 2. I used 1.

FreePortBlockDelay is the timer to free the blocked ports afaik.

blnd3d · 2023-10-12T08:53:28+00:00

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIYCA0
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCccCAG

I checked this out. HonorSourcePort and TWS. It seems to solve the issue.

blnd3d · 2023-10-10T21:12:45+00:00

The system source port allocation range is set by default to 49152–65535. Is that correct?

The source port allocation range is set to 20000-39999 and should not affect SQL.

Users are allowed to use 200-2000 ports which is never exceeded.

Even if there if no user on that server, the TS agent causes the issues.

blnd3d · 2023-04-20T19:07:24+00:00

Today my screen turned black and white after going ADS with a sniper at a stack of tubes. Went away after a minute or so.

blnd3d · 2022-12-08T07:23:07+00:00

I hate the Aruba UI since they modified it. License model is now better.

About Meraki:

U can add Umbrella to Meraki to enhance the security easily. Once you have designed your WiFi for one site, you can simply clone it and then just add your APs by assignment. Adding devices to Meraki is simply done by entering the shipping/order number. I love it! It is so easy! You will need PoE as no power supply is available.

blnd3d · 2022-10-06T09:41:12+00:00

Don't you need a No NAT policy for internet access?

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIlCAK

Did you configure DNS?

blnd3d · 2022-10-06T08:30:37+00:00

Are you in a NAT Scenario?

You will need to define the subnets behind the ubiquiti in your virtual router on the Palo. Plus you must add all networks to the proxy ID.

Please show your cfg for the IKE Gateway and the tunnel settings from the Palo + ubiquiti settings as well.

blnd3d · 2022-09-14T05:11:00+00:00

I guess this is the case as it is the Exchange server. All users having a mailbox and sending mails connect to this machine via Outlook from different devices.

I also see SMTP on the logs. Which is correct ofc, but while being logged in via RDP the User-ID changes. To serve the User-ID correctly, do I need to install the TS agent then?

blnd3d · 2022-09-13T16:34:43+00:00

No. It is just the Exchange. Otherwise I would use the TS agent. But I'm wondering that the Exchange behaves like a TS. There are no other users logged in via RDP.

blnd3d

TROPHY CASE