General Topics

User-ID Agent not reconnecting after network outage?

We had a strange issue today.

We had a network outage which basically meant that all our DCs that run the User-ID agent were still running, and our PAN was still running, but there was no LAN between the DCs and the management interface on the PAN.

The

...

Resolved! Proxy-Arp behavior and NAT's

Hi All,

This problem is a little confusing to explain but I will do my best to lay this out. Keep in mind I have changed the IP addresses to keep examples simple.

I have a Palo Alto 2020 with a basic configuration. One internet connection and One LAN

...

Scheduled Log Export doesn't accept new SSH host key

Hi everyone,

today I reinstalled our syslog server which we use to archive the traffic logs of our PA-3020s (amongst some other things) and didn't import the old server's ssh host keys.

After updating the configuration for the Scheduled Log Export in t

...

Resolved! PAN OS 5.1.x branches - for whom they are?

Hello

Last time when I reported issue I see on selection list that branches 5.1.x of PAN OS's

I can download 6.0.0 and every from 5.0 but I can't see 5.1.x on Device > Software of my PA200 device.

Could someone tell me something more about 5.1.x PAN OS

...

Open a port

I am installing a caching server inside of my network. This caching server (PARCC Assessment) requires send and receive communication on ports 4480 and 4481. How do I open these ports for the particular private IP address of my server??

Resolved! X FORWARD FOR with USER ID

Hello

is it possible to use ip retrieved from the x forwarded header and combined with the user-id.

my aim is to filter access per active directorie usergroup, but I have a proxy implemented between the palo and the user device.

thank

Resolved! Blocking page with SSL

Hi

in the normal way palo could answer directly to the client device wiht the bloking page when url filtrering match the categorie.

but

when the application is SSL the palo couldn't answer with the bloking page and reset directly the session.

is it pos

...

App-ID not working properly

Hi All,

I'm working in Active/Active VWire mode, OS 5.0.9. version of PA is 5050.

while I'm trying to block applications, I noticed the applications are been blocked in monitoring, but in real nothing is blocked.

one more notice is that most of the web-

...

Resolved! Migrating fron PA-500 to PA-2050

Hello all,

Actually we have a PA-500 and we like to export the actual config and import it in the new equipment (PA-2050). How to do this?

Thanks and regards,

How to block the real IPs from CDN?

Is there any function that can makes the PA block the traffic of the real IP instead of CDN IPs?

We deployed the PA NGFW on the external side of our web server and enabled the Threat Prevention function. Because we are using the CDN, so from the web s

...

VWire

Hello i have the below design

Internet Cloud ------------------> Cisco ASA -------VWire1----------->PA----------VWire1---------->Core Switch

PA ----------------------->SWitch----------------------- >WAN Router

PA

...

Using PAN-OS 5.0.5 with User-Agent 6.0

Hi,

is it possible to deploy User-Agent 6.0 and still using PAN-OS 5.0.5. I want to avoid to many changes at one time.

I didn't find a clue in the release notes. Thx

Cheer Klaus

Resolved! Identified User and NAT

Hi,

for certain of our users is it aloud to use firefox. they are identified by their username. But if the want to go to internet they have to be "NATted" . It is possible and when how to create a NAT-Rule? What is known: username and the application

...