General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 423 Views
  • 0 replies
  • 2 Likes

Resolved! Cannot find AD group in "source user" tab

Hi All,

 

I have added two new AD group, on DC.

I can clearly see them in group mapping setting:

 

 

While in "source user" tab:

 

 

What can cause this behavior? When the AD group will be available in "source user" find?

 

Suggestions?

 

BR

Luca

Group_Mapping_OK.JPG
Deny_internet_not_found.JPG

Vwire design considerations and issues

We recently purchased a pair of PA-5050s, and had a VAR implement the design recommended by our Palo SE. This design has lead to many challenges and issues, and I'm now questioning wether we made the right design choice.

 

Prior to purchasing the Palo,

...

dbrody by L1 Bithead
  • 3978 Views
  • 5 replies
  • 0 Likes

Application incomplete Site to Site VPN

Greetings,

 

I wish to run an issue that one my sites is experiencing with a site to site VPN. The issue that is experienced is that some applications mainly mail application will show up in the logs as incomplete. I will aim to give you the full pictu

...

Resolved! Custom url feeds

Is there any sort of documentation surrounding things like adding a custom url in? I'm thinking I'll have to dig into the file system but was wondering if there is anything documented as to what to do.

 

Say I have an ip list at http://somefancywebsi

...

chirss by L3 Networker
  • 4721 Views
  • 3 replies
  • 0 Likes

Misidentification on App-ID

Has anyone experience the App-ID misidentify existing Apps? Here is the problem we are having. I have rules allow SMTP (Application-Default) from the Mail Firewall to Exchange. Since yesterday (9/21), the firewall is identifing all the SMTP traffic a

...

PAN-OS 7.0.9 any issues on PA-5050?

Hi Guys,

 

Looking to upgrade HA pair active/passive from 6.1.12 to the 7.0.9. 

Anything that l should be aware of. I am checking known issues and release notes. Same for the security advisory. But maybe something from your experience (issues that curre

...

VPN / Proxy Traffic

We can see traffic associated with VPN and Proxy but this information is not included in reporting.   (ex.  Hotspot Shield)

Resolved! Determine type of data

Minemeld seems very nice, I'm trying it out in a vm.

 

One thing I'm having a problem with is determining if the information retrieved is going to be an IP list or domain list. Does the processor care if it gets multiple kinds of data?

 

Any other ti

...

chirss by L3 Networker
  • 3219 Views
  • 3 replies
  • 0 Likes

Netflix iOS tcp-rst-from-client

I'm having an issue with Nexflix not running on an iOS device behind a new PA install. Basically no filtering should happen from the PA at all; Nexflix runs fine with no PA in line.

 

The configuration, which has most other applications and web access

...

stuart.l by L2 Linker
  • 3430 Views
  • 1 replies
  • 0 Likes

Resolved! IKEv2 and PPPoE

Hello,

 

Is there a limitation within the ipsec subsystem on the PA? Not being able to assign the ip address assigned to the unit via PPPOE to the tunnel.

 

 

As below I have setup a static address on the interface, which is not available above:

 

 

 

Thanks

...

IKE.png
Farzana by L4 Transporter
  • 3927 Views
  • 3 replies
  • 0 Likes
  • 23695 Posts
  • 110 Subscriptions
Top Solution Authors
Labels