I want to be able to use a set of countries for some specific rules. Is there any way to create a group with countries?
Hi,I am quite new with Palo Alto and I try to filter disabled rules, so that I only see the enabled rules. I know that a lot of syntax can be found in the monitoring tab, but since enabled/disabled rules are not in it, I cannot find. It is on the Palo alto itself, not Panorama.
PA-5050 device with software version 4.1.6.In all my devices except one, I was able to create a new Administrator account (Superuser) with password and log on with the account to administer the device. The problem device allows me to create a new account like the others, but I get an "Invalid Username or password" error when I attempt to log on...
Hi,I keep getting this error when trying to connect with global protect, this pc is on the internal network. I should get the massage 'Connected Internal'...any ideas. I have included the log below and highlighted the line.(T3776) 04/24/13 09:46:14:861 Info (2249): winhttpObj, HandleHttpsRequest, cmdStr = (T3776) 04/24/13 09:46:14:861 Info (2268...
I am very new to the PANOS world so I will apologize in advance if this is obvious, however my search of documentation and knowledebase did not yield anything. I have been looking for a way to administratively shut down sub interfaces. Is this possible? While it's easy enough to shutdown a physical interface by assigning it's link-state we're no...
I've been testing the logging of change events to a syslog server from Panorama. Syslog events indicate a change made by a person and the general section of the change without giving any specific details of what was changed. Looking in Panorama in the Monitor tab I can see the change event and some details that are sent to syslog, but the deta...
Hi All,Is it possible to generate "email" alert when any user reaches the defined bandwidth threshold?Eg: Defined bandwidth threshold is 1 MB, if any user reach or exceeds the defined bandwidth threshold then the device should trigger a email alert to administrator. Note : I don't want to restrict any user to 1MB, but need onle alert if he excee...
I have Scheduled Log Export but it's failing. The system log reads "Failed exporting traffic log via ftp (last-calendar-day)".If I run the export command via CLI, it runs successfully.>ftp export log traffic start-time equal 2012/11/28@00:00:00 end-time equal 2012/11/28@23:59:59 to anonymous@hostnameAny ideas on why the Scheduled Log Export ...
Hello,When I configure two virtual routers on a PA-5060, how do I get them to see each others’ routes?Do I need to configure some kind of virtual internal circuit between the two routers?Thanks!
Hello All, I am a newbie to PA firewalls but have some experience with JunOS firewalls. I like the "commit confirmed XX" command on JunOS because it will revert a change after XX minutes if for some reason I get locked out. A good example is when changing speed/duplex on an edge firewall that I may get locked out of. Is there an equivalent com...
Dear PAN community,When a new 'Applications and Threats' signature is release there are typically two versions that have the same Version name (e.g. 350-1658) but then differ in the File Name and Features description.As a current example, Applications and Threats Version 350-1658 was released on 2013/01/15 and there are two of them, one with Fil...
Can someone please point me in the direction of any documentation for integrating PA firewalls with Aruba Clearpass. Understand Clearpass has a direct path into the API without the need for any programming?
Hi,I`m trying to delete a sub-interface from CLI but cant seem to find the correct command, i managed to remove the IP address and tag but not the entire sub-interface.admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.20 Server error : ethernet1/4.20 cannot be deleted because of references from:import -> net...
Hi I'm configuring a new PA-500 and have it working for source NAT going from Tusted to Internet. Now I want to create a destination NAT rule to allow traffic in to a web server located on the trusted net. I have created a rule almost exactly as it shows in the Admin guide but I'm getting the error - “nat rule “Incoming Web”: Mismatch destinatio...
Hi there,I try to implement QoS on Tagged VLAN sub-interface. Found some configuration on main interface but not sub-interface one.Any suggestion? ^^Thank you
