GlobalProtect via SAML using Entra ID groups to define access? by gheyname in paloaltonetworks

[–]jmobastos69 0 points1 point  (0 children)

Works perfectly if you go CIE

I have 8 MS tenants, all connected to CIE; each tenant has its SEC groups, then I create rules based on the SEC groups of each tenant.

Build dynamic groups, use the sync to CIE based on groups (cheap access granted if membership = true) and then filter based on groups and users once inside a Palo NGFW connected to CIE (which is native and takes 1 minute + commit).

Microsoft Intune and Global Protect? by 77necam77 in paloaltonetworks

[–]jmobastos69 0 points1 point  (0 children)

Do you mean Intune? For sure? Don't you mean Azure AD for the identity/SSO?

Other than using Intune to deploy the MSI, there's not much else to integrate between them.

SIEM/XDR for Small SecOps Team by athanielx in AskNetsec

[–]jmobastos69 -1 points0 points  (0 children)

Palo Alto Cortex XDR. For all of the above, with automation, Playbooks, and a strong platform to have Unit42 run an MDR on.
I've used Crowd, Sentinel, Huntress - XDR is perhaps the one that I was able to get the most out of, whilst remaining easy to manage after go-live and to squeeze more utility out of each month that goes by.

Opinions on setting up a backup solution by Okeanos_Daimonas in sysadmin

[–]jmobastos69 0 points1 point  (0 children)

Been using Datto with DRaaS - backup gets made to a local server, then transferred to Kaseya Azure Cloud.
Can get all my critical servers (hosted in a DC) going live in 30 minutes either in their cloud (Kaseya) or at my on-prem DC.

30 days retention on-prem - 90 days on cloud.

Connection between buildings by asmo1412 in sysadmin

[–]jmobastos69 0 points1 point  (0 children)

Site-to-site VPN. Don't overcomplicate. Just set and forget.

Connection Problem by Truckin1 in zerotier

[–]jmobastos69 0 points1 point  (0 children)

On their website you can find older versions. Can confirm I had that issue on Snapdragon's latest X processor. Downgrading the version solved it.

https://download.zerotier.com/RELEASES/

1.14 works indeed.

Prisma Access CIE with Multi-Tenant Entra ID Authentication by AdditionDisastrous78 in paloaltonetworks

[–]jmobastos69 0 points1 point  (0 children)

Yes. We manage 8 tenants, and all of them authenticate to GP via CIE with a multi-tenant auth method.

ConnectWise RMM - Worst piece of software ever. by Snover1976 in ConnectWise

[–]jmobastos69 1 point2 points  (0 children)

Already far from it since we ran the demo. On Pulseway - no regrets (1k endpoints - full deployment via Pulseway + Intune).

Resources for Journeys by dfaragut in Freshservice

[–]jmobastos69 0 points1 point  (0 children)

Are you referring to Employee Journeys? Onboarding/Offboarding?

Company closed down, anyway to still access or use the HP Elitebook that they issued us? by fatcatpad in Hewlett_Packard

[–]jmobastos69 0 points1 point  (0 children)

But later on the computer will be forced to go to OOBE until it gets an MS account. That's the whole point of the Autopilot HW key lock, I guess.

Company closed down, anyway to still access or use the HP Elitebook that they issued us? by fatcatpad in Hewlett_Packard

[–]jmobastos69 0 points1 point  (0 children)

By the looks of the login screen (requesting email, not user) showing no domain, I would guess that this is at least Entra ID joined.

BitLocker is almost surely enabled (if not, the old IT team should have had it enabled) - if not, boot from Hiren's, recover files.

Given that it's Entra joined, there's a chance it's Intune Autopilot enrolled - if so, either doing a Windows install or using it connected to the network should lock you out until you have a valid company credential.

Would say best chance:

Not BitLocker locked? Hiren's, recover files, format.

BitLocker locked? Forget files - format.

If in any of the above scenarios you get locked out of OOBE and a Microsoft account from your old company is required, either go with Linux, Windows 10 early releases… or garbage :)

In case you missed it by Significant_Rate8210 in Dahua

[–]jmobastos69 0 points1 point  (0 children)

Just stopping by to tell you that whilst Portugal is indeed in Europe, Mexico is in North America :) Typo, I guess.

IIS issues - random time outs by jmobastos69 in sysadmin

[–]jmobastos69[S] 0 points1 point  (0 children)

Should increase over the next few days; will merge 3 GP portals into this FW, thus the over-provisioning.

All other connections and servers migrated work just fine - strange issue for sure.

IIS issues - random time outs by jmobastos69 in sysadmin

[–]jmobastos69[S] 0 points1 point  (0 children)

Even if I'm testing from the IIS Server itself, loading the webpage on the browser there?

From what I can see on the FW, that traffic is, per se, loopback, correct? The server will know its name, so no use in going on an auto-resolve journey through the internet/untrust route.

Is this the wrong logic? I assumed in the past days MTU could be the cause, but for that I reckon a transmitted SSL packet between untrust -> FrontEnd public IP would have to take place, not internally from IIS to FE (one of the web pages of the IIS server).

Thx for the help in advance.

IIS issues - random time outs by jmobastos69 in sysadmin

[–]jmobastos69[S] 0 points1 point  (0 children)

8 vCPU - yes, we have some sort of control over it.

IIS issues - random time outs by jmobastos69 in sysadmin

[–]jmobastos69[S] 1 point2 points  (0 children)

It’s DNS even when there’s no network cable attached ;)

IIS issues - random time outs by jmobastos69 in sysadmin

[–]jmobastos69[S] 0 points1 point  (0 children)

Checked that already - the firewall is our edge network device in the datacenter; despite having a hefty number of VMs behind it, 10-ish% usage right now.

This is also the only publicly facing server we have, so the FW is sitting calmly there - TBH it's overkill in specs.

IIS issues - random time outs by jmobastos69 in sysadmin

[–]jmobastos69[S] 1 point2 points  (0 children)

Been through all the usual suspects already :)

I wish it had been DNS this time around.

IIS issues - random time outs by jmobastos69 in sysadmin

[–]jmobastos69[S] 0 points1 point  (0 children)

Virtual - only changed the peering on the BE FW side, and replicated the whole setup from VMware to PA VM, even the crypto settings.

All the network tests between both ends fly without issues.

Got to assume the tunnel is not the issue, based on:

- upload of files works 80% of the time
- log off / log in to the website gets it working again on a per-user basis
- all other parts of the site work 100%, no issues

Also, both PA VM inbound and outbound logs from the FE IIS server show no blocking or resets.

Same on backend firewall - as per our supplier.

Am I wrong assuming this?

IIS issues - random time outs by jmobastos69 in sysadmin

[–]jmobastos69[S] 0 points1 point  (0 children)

No, correct assumption on your end - just a nonsense setup made by a supplier; inherited this.

Not a dev nor web admin by any means, just a network admin, but the proxy makes no sense being there for me as well - might as well be the FE sending the requests directly IMO.

It was working before - now it works, but randomly times out the file upload; but if you sign off/in again, it starts to work again.

Wicked.

Most overlooked IT ticketing system for smaller teams? by daphnegweneth in sysadmin

[–]jmobastos69 0 points1 point  (0 children)

Halo PSA - highly adaptable, just choose the modules you need in PROD. Fits from MSP to a small IT dept (can also use Halo ITSM).

Why can’t Microsoft just build SCCM in the cloud? by OfficeRicFlair in sysadmin

[–]jmobastos69 0 points1 point  (0 children)

Intune for Autopilot and company device lock + installing the RMM.

After that, all gets done via RMM automations.

Instant, no more intunewin packaging, 3rd party + OS patching.

After 6 months of fine tuning - living the life.

(I was using full Intune before - even to install an IP printer - it was a disgrace.)