General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Idea searched to block NAT-Router

Hi, I have some clients who are installing a NAT-Router behind the Firewall to span their own WIFI. The NAT devices are from different vendors with different MACs. Has anyone an idea how to detect these NAT-devices irrespective of their MAC / IP-adress and how to deny all the traffic from these devices? My intent is to block all traffic, where I...

Ping identity with single sign-on, multiple users

Our support staff uses a single support portal login email and password to access our client's Palo Alto networks support. We have attempted to log in and are getting notified we need to download PingID. How would this work with multiple people using the same username? Can it be bypassed or how should we set this up for our support staff?

Resolved! VR override option. What is actually overridden?

Hi All, Looking into VR setting and could see some thins is overridden but not sure what is exactly. l didn't do this config before so not sure where to check these changes? OSPF cost? How can l find these changes in VR? Thx,Myky

OV.PNG

Resolved! interface flapping syslog severity info!

Hello, I am always wondering why an interface going down/up is being flagged by syslog as a severity : informational ! 2014/10/11 15:29:08 info port link-ch 0 Port 1: Down 1Gb/s-full duplex2014/10/11 15:29:08 info port link-ch 0 Port 2: Down 1Gb/s-full duplex How it is possible to modify this to critical and start...

Resolved! User-ID: gained access with run as admin

Hi all, several user have internet access and this depends on their user-id. some of them have admin-accounts and can run the ie as admin. the user logged into the AD as non-privileged user and this is controlled by the WMI-Process of the USER-Agent. But this construct didn't recognize when the user starts the IE with run as admin.is there a cha...

kdd by L4 Transporter
  • 9484 Views
  • 7 replies
  • 0 Likes

Resolved! Panorama CLI command to add a tunnel interface to a zone

Trying to use the Panorama CLI to edit a template and add a tunnel interface, and also assign it to an existing zone in the same template. Does anyone know the CLI command to do this? I can add the tunnel interface and assign it to a virtual router like this: configure edit template myTemplate set config network interface tunnel units tunnel.100...

External Dynamic List Limit

Ref: PA-5020PAN-OS: 7.1.5 What are the limits for External Dynamic Lists?Number of ListsNumber of Entries/ListAre EDLs entries and lists counted in the total number for URL filtering? The documentation does not reference EDLs... https://www.paloaltonetworks.com/products/product-comparison.html Please advise,

Disk space & OS upgrades

I regularly update the OS to the next recommended version every other month, and I was wondering if there was anything that has to be done to clean up the hard drive so as not to run out of space?

jdprovine by L4 Transporter
  • 11622 Views
  • 31 replies
  • 0 Likes

Chromebook / Chromium - security rules prior to login - network not available

Hi All, I'm a newbie on the world of Palo but can't find a way around this issue "yet" so was hoping for some advice. I have around 500 chrombooks and these are all tied into Google Directory services, they work fine etc etc. however i'm trying to have the devices work through the palo alto with user authentication for browsing which is tracka...

DNS aged-out, tcp-rst-from-client, and tcp-fin

I'm pretty new to Palo Alto products, and I just inherited one. I was having some small issues getting to a site (just a minute or two delay). When I went to the Monitor tab, and saw something that looked a little strange, but could be completely normal. There are a lot of these every second. Is it normal for a DNS to go to aged-out or tcp-...

DNSage-outEdit.png

SLR Report /AVR Report

Hello, after i geneate a "Stats Dump File" where i can upload this file to get the report?I cant find any tool or link do upload the file. Thanks

TCC by L0 Member
  • 4107 Views
  • 2 replies
  • 0 Likes

Floating ip on a single firewall?

Hi all,Here's a network design issue we have run into. Our network consists of a single 5050 that services two core switch routers. Each core has a single connection from itself to the 5050. They are OSPF routed interfaces. Users can traverse either core device to reach the 5050 and the internet. We have a new application that is hosted on a...

vnt90 by L2 Linker
  • 2570 Views
  • 2 replies
  • 0 Likes

Alternative for Checkpoint capsule

Hello, as security engineer i'm visiting many potential customers and some of them are Checkpoint oriented ones. The main obstacle to migrate to PaloAlto is in many cases - funcionality called Capsule - where employees can connect choosen service via simple mobile application without full vpn client connection.I was wondering if we can do simila...

  • 24395 Posts
  • 123 Subscriptions
Top Solution Authors
Labels