General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 490 Views
  • 0 replies
  • 0 Likes

Resolved! User-id and re-identifying auto logon users

We have a fairly large group of thin clients that auto logon to a user account that is used for launching their Citrix desktop. We are also using the PAN firewall to use NTLM (browser-challenge) for captive portal for internet access for all users. W

...

ldavie by L2 Linker
  • 6857 Views
  • 4 replies
  • 0 Likes

User-id not updating mappings fast enough

We have 2 user-agents deployed that read the AD logs and the PA7050's connect to the user-agents. The agents are running 6.0.7-10 and the PA7050's running 6.1.4.

We are having a problem where mulitple machines across various networks are using a "gene

...

Integrated User-ID Agent vs. Windows Service?

We're running 5.1 right now and plan on upgrading to 6.1 over the next couple of days.

Historically we've used the Windows User Agent on two of our domain controllers, but today I switched to the on-board Integrated User-ID Agent and set it up, and ot

...

Resolved! Monitoring Accessed URL's

Hi Everyone,

We have the URL filtering license, I am trying to log all websites that a user access, however, I noticed PA only logs websites which the user fails to access due to a URL filtering policy, ie only websites that are blocked from the user

...

rsaber by L1 Bithead
  • 5364 Views
  • 3 replies
  • 0 Likes

User-ID ignore multiple users - agentless or agent

Hi,

I've got an installation with approx 70k+ users, where user-id is an important factor. I want to ignore all user with prefix adm or svc in the user name(admin and service accounts) from user-id, to avoid getting unwanted ip-user-mappings. I have t

...

torm by L4 Transporter
  • 5140 Views
  • 3 replies
  • 0 Likes

Resolved! Static user-id to IP-address mapping

Hi All,

Is there a way in PanOS 6.1.x to manually map  a user-id to an ip-address.

Or is there a way to set an IP-address to be exempt from the user-id mapping policy.

I have PA-500s being staged behind a generic firewall inside a production network wit

...

Meru Integration with PANOS 6.1.5

HI Folks,

We're trying integrate our Meru system with Palo Alto Networks. but can't find any documentation.

As far as i can see we have two options:

- Radius

- Syslog feed straight to the PA device.

Has anyone created the regex's / parsers for Meru and Sy

...

Conditional URL Blocking

Hey guys...so I have a request  - Users in my company who are not up to speed on corporate training will be added to the "corp\DelinquentUsers" AD group.  I need to make sure that these guys are only allowed to go to 5 websites while they are part of

...

Resolved! Agentless UserID no longer maps users

Hello all,

I've had Agentless UserID working fine for over a year now.  Last week our PA-3020 running 6.0.3 stopped being able to identify users which it then started blocking all Internet browsing because it thought everyone was unauthenticated.  Not

...

ClintL by L2 Linker
  • 4081 Views
  • 3 replies
  • 0 Likes

Agentless UserID in a MultiDomain Environment

My first question would be is it possible to configure a firewall with no vsys license to query more than one domain without deploying the UserID windows agent?

My second question would be if yes then how given that there is only 1 WMI authentication

...

CHammock by L2 Linker
  • 2905 Views
  • 2 replies
  • 0 Likes

How to convince PAN to know UID mapping for all vsys


Hi,

We use multi-vsys and XMP API for UID. It works fine for vsys1. We use this sintax for login:

<uid-message>

     <version>1.0</version>

     <type>update</type>

     <payload>

          <login>

               <entry name="user1" ip="10.1.1.1" timeo

...

Labels