Showing posts with label Firewall.

FIREWALL #HOW TO DOWNLOAD GLOBAL PROTECT CLIENT ON PALO ALTO PORTAL

If you need to download the GlobalProtect client from somewhere other than the firewall's public IP, this is the procedure to follow:

  1. Customer Support Portal
  2. Login with valid support account
  3. Updates --> Software Updates --> Global Protect Agent for Windows64 --> GlobalProtect64-6.x.y.z.msi

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNlXCAW

Firewall - License Expired and Palo Alto behavior

If your Palo Alto licenses suddenly expire, the firewall will behave as described below.

Screenshots: What Happens When Licenses Expire? (1 and 2)

Note that if the firewall/VM is rebooted while licenses are expired, only 1200 concurrent sessions will be available.

Firewall - Complete list URL Filtering Categories #PALO ALTO

Palo Alto firewalls offer a URL filtering feature.

The complete list of URL Filtering categories is published at this official link:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC

If you want to test a website link and find its categorization, here is another useful link:

https://urlfiltering.paloaltonetworks.com/

Firewall #Palo Alto and dynamic/blacklist IP

Palo Alto firewalls can read a plain .txt file exposed on an HTTP/HTTPS web server (usually IIS) as an External Dynamic List, to import a list of IP addresses that must be blacklisted.

I am taking note of the official article:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/configure-the-firewall-to-access-an-external-dynamic-list
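As an added example (not Palo Alto's code and not from the article linked above), here is a small Python check to run over the .txt file before it is published on the web server. It parses each entry (single address, CIDR prefix, or a-b range), rejects lines that would block the entire internet or that overlap ranges you mark as protected (the protected list and the sample blocklist below are constructed for the example), and rewrites the list deduplicated, one entry per line, which is the format the firewall expects. Treating lines starting with # as local comments to be stripped before publishing is an assumption of this script, not a documented EDL feature.

```python
"""Validate and normalize a plain-text IP blocklist before publishing it as an EDL.

Added example; not Palo Alto's code. Assumptions: one entry per line (address,
CIDR, or 'a-b' range); '#' starts a local comment that is stripped before publishing.
"""
import ipaddress

# Constructed sample: what an admin might drop on the IIS share before it goes live.
SAMPLE_BLOCKLIST = """\
# constructed sample blocklist (documentation ranges, not real threat data)
203.0.113.7
203.0.113.0/24
198.51.100.10-198.51.100.12
2001:db8::/32
not-an-ip
0.0.0.0/0
10.0.0.0/8
"""


def parse_entry(entry):
    """Parse one entry into a list of ip_network objects.

    'a-b' ranges are summarized into the minimal set of CIDR prefixes.
    Raises ValueError/TypeError on anything that is not an address, prefix or range.
    """
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.ip_network(entry, strict=False)]


def validate_edl(text, protected=()):
    """Return (networks, problems).

    protected: CIDR strings that must never end up in a block list (e.g. your own
    LAN or management range). Each problem is (line_number, reason, raw_line).
    """
    protected_nets = [ipaddress.ip_network(p) for p in protected]
    nets, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # assumed local '#' comment convention
        if not entry:
            continue
        try:
            parsed = parse_entry(entry)
        except (ValueError, TypeError):
            problems.append((lineno, "unparsable", raw))
            continue
        for net in parsed:
            # A /0 (0.0.0.0/0 or ::/0) in a block EDL would match every address.
            if net.prefixlen == 0:
                problems.append((lineno, "blocks everything", raw))
            elif any(net.overlaps(p) for p in protected_nets):
                problems.append((lineno, "overlaps protected range", raw))
            else:
                nets.append(net)
    return nets, problems


def render_edl(nets):
    """Collapse overlapping prefixes per IP version and emit one entry per line."""
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    lines = []
    for net in (*v4, *v6):
        # Write single hosts as bare addresses, everything else in CIDR form.
        if net.prefixlen == net.max_prefixlen:
            lines.append(str(net.network_address))
        else:
            lines.append(net.with_prefixlen)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    nets, problems = validate_edl(SAMPLE_BLOCKLIST, protected=["10.20.0.0/16"])
    for lineno, reason, raw in problems:
        print(f"line {lineno}: {reason}: {raw!r}")
    print("--- publishable list ---")
    print(render_edl(nets), end="")
```

Run it against the real file on the web server (replace SAMPLE_BLOCKLIST with the file contents) and refuse to publish when the problems list is non-empty; the "blocks everything" and "overlaps protected range" checks are the ones that prevent a typo in the .txt file from turning into an outage once the firewall refreshes the list.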

CISCO - Show the Complete Configuration without Breaks/Pauses on Cisco Router/Switches, ASA Firewall and WLC

On Cisco network devices you may need to show the running configuration without breaks/pauses:

Switches/routers:

show terminal | in Length

terminal length 0

show run

show run brief

WLC

config paging disable

show run-config

Cisco ASA

pager (saved in the configuration)

terminal pager (per session only, not saved)

The default is 24 lines; 0 means no page limit.

1. Type "pager 0" in privileged mode to set your terminal to display without any breaks.

2. Type "show run-config" to display the config.

3. Type "pager 20" in privileged mode to set your terminal to display with breaks every 20 lines.


full article:

https://community.cisco.com/t5/networking-knowledge-base/show-the-complete-configuration-without-breaks-pauses-on-cisco/ta-p/3115114

Firewall - How to backup configuration #PALO ALTO

Here is the official article that explains how to back up the Palo Alto configuration.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POICCA4&lang=en_US%E2%80%A9

Below you can find the related explanatory screenshot.



Firewall - What happens when licenses Expires #PALO ALTO

I am taking note of what happens when Palo Alto licenses expire.

These are the web links that explain all the details:

https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/license-the-vm-series-firewall/what-happens-when-licenses-expire

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/subscriptions/what-happens-when-licenses-expire

Be aware that if you get an unexpected firewall/VM reboot, only 1200 internet sessions are supported (and this is a big problem if the license renewal process is not yet completed).

Here are the Palo Alto articles that explain how to proceed with the license renewal process.

Action Required:

To complete the credit renewal process, you will need to follow the instructions in the following document: https://docs.paloaltonetworks.com/vm-series/10-2/vm-series-deployment/license-the-vm-series-firewall/software-ngfw/renew-your-software-ngfw-credit-license

Tech Docs:


Hacker/Security - UPnP security concerns

UPnP raises several security concerns that the majority of people are not aware of.

Here is an article that explains the concepts and the security problems you might face:

Security - Radius Server

Here is a basic article about the RADIUS protocol. I am taking note of it on the blog for future reference and in case it is useful for someone.


https://techgenix.com/radius-protocol-authentication-management-guide/

Antivirus - Sophos Message Relay/Cache Manager #FIREWALL PORTS

Sophos Central endpoints can update themselves, or send status messages, through a LAN server that operates as a Sophos Update Cache and Message Relay.

Alternatively, endpoints update themselves directly from the internet.

These are the ports that need to be opened to allow the behaviors above:

https://support.sophos.com/support/s/article/KB-000035367?language=en_US

Server - Microsoft DTC & Firewall rules

Here is the official Microsoft article that explains how to correctly configure the Distributed Transaction Coordinator (DTC) to work through a firewall (and the related ports to be opened):

https://support.microsoft.com/en-us/topic/c3ccb2af-a9f8-180e-8e11-8565f6c654a2#:~:text=All%20ports%20must%20be%20in,of%2015%20to%2020%20ports


Cisco - Disable AnyConnect SSL VPN portal website

Recently I was wondering whether it is possible to disable the Cisco ASA VPN web page and continue to use SSL VPN with the client. The question was raised because of security concerns, e.g. AD users being locked out.

Using ASDM you need to follow the steps below.

Configuration > Connection Profiles > check the box "Shut down portal login page"

This feature seems to be confirmed in this very thorough article too:

https://www.linkedin.com/pulse/shutting-down-webvpn-portal-ftd-flexconfig-matt-albrecht

[original articles]

https://community.spiceworks.com/topic/2114883-disable-anyconnect-ssl-vpn-portal-website

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/asdm74/vpn/asdm-74-vpn-config/webvpn-customizing.html

https://community.cisco.com/t5/vpn/disabling-clientless-browser-based-vpn/td-p/3065988