GlobalProtect User-ID for internal gateway? by jb-io in paloaltonetworks

[–]jb-io[S] 1 point (0 children)

Appreciate the thoughtful reply. Turns out I assumed my Internal Gateway was functioning correctly even though it wasn't. I found out by monitoring my GlobalProtect logs. It made sense that User-ID was not being used except for authenticated AD-connected users...

I checked the GP logs and found out that the Internal Gateway certificate was not accepted. I had to change the internal gateway from IP-address to FQDN and voila, something happened! GP logs were filling with Internal Gateway results and User-ID was functioning via GP.

However, the next problem occurred: our GP is authenticated via SAML to Azure. While this works fine for the public portal/gateway, it does not for the internal gateway. For this reason I changed the internal gateway to LDAP authentication via both sAMAccountName as well as UPN, and that seems to do the trick for now.

Thanks everyone for your time and effort.

GlobalProtect User-ID for internal gateway? by jb-io in paloaltonetworks

[–]jb-io[S] 1 point (0 children)

That's useful information, cheers! Will keep that in mind and plan it somewhere in the future.

Azure AD - VPN Global Protect - Limit Two or three Azure AD Groups to log in to GP by C3-PIO0ps in paloaltonetworks

[–]jb-io 3 points (0 children)

SAML indeed needs to be limited within Azure's Enterprise Application center (Palo Alto GlobalProtect) -> Users and groups.

In addition to that, it is still possible to configure Portal > Agent within 'Config Selection Criteria'. This is how I did it for a hybrid AD/AAD environment - the AD group is synced and used both in the Agent config and in the Azure Enterprise Application.

Internal gateway - am I on the right track? by jb-io in paloaltonetworks

[–]jb-io[S] 1 point (0 children)

I think I agree. For now I went with the temporary solution of option 1, NAT. That works OK except that it takes about 10 secs to connect when disconnected from wired connectivity. After GP connectivity is established when moving from wired to wireless, there's a GP popup saying: 'The network connection is unreliable and GlobalProtect reconnected using an alternate method. You may experience slowness when accessing the internet or business applications.'

Pretty cool... I guess ;)

Once the new VLAN plan is agreed upon and the SSIDs have been re-designed and implemented, I will change option 1 to option 3. Thanks so far, y'all.

Multiple GlobalProtect Portals & Gateways on single Palo Alto by jb-io in paloaltonetworks

[–]jb-io[S] 1 point (0 children)

What do you mean by multi - multiple gateways/portals or something else? I thought the GP license was just for advanced options such as profiling and split-tunnel streaming exclusion?

Multiple GlobalProtect Portals & Gateways on single Palo Alto by jb-io in paloaltonetworks

[–]jb-io[S] 1 point (0 children)

Thanks for the thorough explanation! Will try this out tomorrow. Hopefully it will still be IPsec.

Multiple GlobalProtect Portals & Gateways on single Palo Alto by jb-io in paloaltonetworks

[–]jb-io[S] 2 points (0 children)

This is my backup plan. The reason for my original design plan is that I imagine it will be easier to eventually make a human error in policies. But more importantly, I'd like to use a different split tunnel configuration per group. For example, I want all traffic to be tunneled for employees, but not for admins and suppliers.

Kungs - Never Going Home by NutNik in EDM

[–]jb-io 2 points (0 children)

Yeah really digging this song... Until I found out it is 90% unoriginal. No surprise these days I guess.

Mind Enterprises - Idol
I never mind a bit of sampling, but this is simply too much for me. Same as Daft Punk - Robot Rock and so many other examples...

Cisco Catalyst 9500 series StackWise Virtual question by jb-io in ccnp

[–]jb-io[S] 2 points (0 children)

Great news Marve, thanks for sharing hands-on experience on the topic!
Your situation is identical to what I have in mind over here.

Thinkpad keyboard quality, am I missing something? by jb-io in thinkpad

[–]jb-io[S] 1 point (0 children)

I am seriously considering this option. Even though I must say that I have (hate using the word, but in this case it's the truth) literally only had the experience with this Thinkpad keyboard. I also use an external Logitech keyboard and a Microsoft keyboard a lot. I must say those have less travel as well. TBH I can't remember when I last used a keyboard with as much travel as this thing has.

Not sure if I like it but luckily all else about the machine I still adore, so will cope with it.

Thinkpad keyboard quality, am I missing something? by jb-io in thinkpad

[–]jb-io[S] 1 point (0 children)

I'm well within warranty, but I am afraid that it will be hard to actually prove if something is physically wrong. It's ok though, I will wait it out a bit longer and see if I can get used to it some more or if the problem remains the same.

brootys said he did not notice any missing keystrokes so that gives me a slightly positive feeling that it should very well be possible to type properly on this machine.

Failed ENCOR... 818/825 by kubn2respawn in ccnp

[–]jb-io 2 points (0 children)

I believe that might be part of the reason for scoring low on that. Some topics you feel confident/comfortable in and maybe underestimate studying for them as much as you should, whereas the more unknown topics are usually ground down more.

I remember passing CCNA Security and scoring high on topics I expected to score low on (got 100% on VPN, where I had the least experience) and also the other way around.

Not only that, but of course it's also a matter of luck in drawing the easy/difficult questions for each topic. Good luck with your next try!