General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.


How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature


JayGolf by Community Team Member
  • 2 replies

Resolved! User-id and re-identifying auto logon users

We have a fairly large group of thin clients that auto logon to a user account that is used for launching their Citrix desktop. We are also using the PAN firewall to use NTLM (browser-challenge) for captive portal for internet access for all users. W


ldavie by L2 Linker
  • 4 replies

User-id not updating mappings fast enough

We have 2 user-agents deployed that read the AD logs and the PA7050's connect to the user-agents. The agents are running 6.0.7-10 and the PA7050's running 6.1.4.

We are having a problem where mulitple machines across various networks are using a "gene


Integrated User-ID Agent vs. Windows Service?

We're running 5.1 right now and plan on upgrading to 6.1 over the next couple of days.

Historically we've used the Windows User Agent on two of our domain controllers, but today I switched to the on-board Integrated User-ID Agent and set it up, and ot


Resolved! Monitoring Accessed URL's

Hi Everyone,

We have the URL filtering license, I am trying to log all websites that a user access, however, I noticed PA only logs websites which the user fails to access due to a URL filtering policy, ie only websites that are blocked from the user


rsaber by L1 Bithead
  • 3 replies

User-ID ignore multiple users - agentless or agent


I've got an installation with approx 70k+ users, where user-id is an important factor. I want to ignore all user with prefix adm or svc in the user name(admin and service accounts) from user-id, to avoid getting unwanted ip-user-mappings. I have t


torm by L4 Transporter
  • 3 replies

Resolved! Static user-id to IP-address mapping

Hi All,

Is there a way in PanOS 6.1.x to manually map  a user-id to an ip-address.

Or is there a way to set an IP-address to be exempt from the user-id mapping policy.

I have PA-500s being staged behind a generic firewall inside a production network wit


Meru Integration with PANOS 6.1.5

HI Folks,

We're trying integrate our Meru system with Palo Alto Networks. but can't find any documentation.

As far as i can see we have two options:

- Radius

- Syslog feed straight to the PA device.

Has anyone created the regex's / parsers for Meru and Sy


Conditional URL Blocking

Hey I have a request  - Users in my company who are not up to speed on corporate training will be added to the "corp\DelinquentUsers" AD group.  I need to make sure that these guys are only allowed to go to 5 websites while they are part of


Resolved! Agentless UserID no longer maps users

Hello all,

I've had Agentless UserID working fine for over a year now.  Last week our PA-3020 running 6.0.3 stopped being able to identify users which it then started blocking all Internet browsing because it thought everyone was unauthenticated.  Not


ClintL by L2 Linker
  • 3 replies

Agentless UserID in a MultiDomain Environment

My first question would be is it possible to configure a firewall with no vsys license to query more than one domain without deploying the UserID windows agent?

My second question would be if yes then how given that there is only 1 WMI authentication


CHammock by L2 Linker
  • 2 replies