Posts

Showing posts from December, 2022

USEFUL CLI COMMANDS FOR TROUBLESHOOTING USER-ID AGENT

Image
  USEFUL CLI COMMANDS FOR TROUBLESHOOTING USER-ID AGENT   175903 Created On 09/25/18 18:50 PM - Last Modified 04/20/20 21:49 PM Resolution This document aims to familiarizes users and admins to the CLI commands (on PAN-OS 8.0) relevant to User-ID agent running on Windows server.   Check for agent To check if the agent is connected and operational:   admin@anuragFW> show user user-id-agent statistics Name Host Port Vsys State Ver Usage --------------------------------------------------------------------------- LAB_UIA 10.21.56.14 5007 vsys1 conn:idle 5 Usage: 'P': LDAP Proxy, 'N': NTLM AUTH, 'C': Credential Enforcement A state of 'conn:idle' indicates the connected state. Usage would show blank if the User-ID agent is only furnishing user-ip mappings and no other services such as LDAP proxy, NTLM auth or credential enforcement.   Check for details of connection To see the details of the ...

HOW TO CONFIGURE IPSEC VPN

Image
  HOW TO CONFIGURE IPSEC VPN   619802 Created On 09/25/18 17:36 PM - Last Modified 10/30/22 09:22 AM CRYPTO PROFILE IKE IPSEC VIRTUAL ROUTER VIRTUAL SYSTEMS VPNS Symptom Documentation provides information of  Setting up IPSEC tunnel . This article provides an example with screen captures and IP addresses. Environment Palo Alto Firewall IPSEC VPN configuration Supported PAN-OS.   Topology   Resolution NOTE:  The Palo Alto Networks supports only tunnel mode for IPSec VPN. The transport mode is not supported for IPSec VPN. STEP 1   Go to  Network >Interface > Tunnel tab,   click  Add  to create a new tunnel interface and assign the following parameters: Name: tunnel.1 Virtual router: (select the virtual router you would like your tunnel interface to reside) Security Zone:(configure a new zone for the tunnel interface for more granular control of traffic ingress/egressing the tunnel) NOTE:  If the tunnel interf...