Mixed authentication methods added for Global Protect

Mixed authentication methods added for Global Protect

In Palo Alto Networks latest release 9.0.0, a new feature was added that allows you to have mixed authentication methods to the same Global Protect portal and/or gateway. When this feature is enabled it will basically allow your users to authenticate with user credentials and/or client certificates. The options are to either to require both…



LACP-FALLBACK BETWEEN ARISTA AND NUTANIX

If you have LACP configured between your Arista-switches (or any other switches) and a Nutanix Cluster, you will run into an issue when using Nutanix Life Cycle Management (LCM). LCM updates for BIOS, BMC and SATA DOM are currently not supported for Nutanix Clusters that use protocols such as LACP. If you try to do…



BIND CERTIFICATES TO CAPTIVE PORTAL IN ARUBA CENTRAL

When creating a new Guest Splash Page with either Anonymous, Authenticated or Facebook WiFi the users will encounter an certificate-error after authentication to the Captive Portal. This is because the users is redirected by standard to securelogin.arubanetworks.com or securelogin.hpe.com which uses the built-in certificate contained in Aruba Central. Since you will most likely have external…



Create Threat Exceptions for specific traffic

At some point you might encounter a false-positive threat that you want to make an exception for. If you know a file is safe if its downloaded from a specific place but you don’t want other files classified with the same threat ID/name to be whitelisted, you can create a separate security profile. Start by…



HOW TO: Configure BGP between Arista and Palo Alto using loopback-interfaces

In this example I will be showing you how you can configure BGP between Arista and Palo Alto. The setup has two Arista COR-switches which is configured with MLAG and a Palo Alto Networks firewall. The goal is to use iBGP between the Arista-switches and eBGP between the Arista-switches and Palo Alto. We will also…



Palo Alto introduces new feature to support Terminal Service (TS) Agent on Windows Server 2016

In the latest release of Palo Alto Networks Terminal Service Agent 8.1.1, we were introduced to a new feature where it is now supported to install the agent on Windows Server 2016. This is a very welcome feature that a lot of us have been waiting for. There are no other features added to this version…



HOW-TO IMPORT DHCP-LEASES TO WINDOWS SERVER FROM PALO ALTO

In some cases you will come across DHCP-scopes that are configured on the edge-device or similar and wanting to move it to your dedicated Windows Server instead. Below is an example where you can export DHCP-leases from your Palo Alto Networks device and add them to your dedicated Windows Server. In this example I will…



Palo Alto Networks: Command-And-Control (C2) category has been added to URL-Filtering

A new category has been added to Palo Alto Networks URL-filtering. The category is ”Command and Control” or ”C2” and the recommendation is to immediately set the action to BLOCK in your security profiles. C2 was previously included in the Malware category but has now been separated to get more effective management. For the malware-category…