General Topics

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

A general web proxy server deployment with PAN box

Hi All, I think this topic has been discussed in the past, but I want to be clear about this deploymentsince web proxy server design is still typical in many customer's live network. So please allow me to bring this again.2 basic deployments are ment...

Resolved! PA-500 webserver crash

Hi,Can someone please tell me how to troubleshoot extremely slow web reports? Logs are fine, but ACC and Monitoring -> App Scope items just keep loading and loading and loading and im basically locked out of management every time i click on a menu it...

VoIP Traffic, strange behavior, need help to understand please.

Greetings All,I have an issue where we are seeing some strange issues with VoIP traffic.Device: PA-2020S/W Version: 4.1.9VoIP Provider: Foehn IP Telephone systems.Latest Application version.A new VoIP system has been deployed which has SIP traffic pa...

Resolved! The use of use-cache-for-identification introduced in PANOS 5.0.2?

According to the release note for PANOS 5.0.2 (released 2013-01-15):"47195 – When the App-ID cache feature was enabled in previous releases (enabled by default), it was possible to pollute the cache to allow some applications to pass through the fire...

Resolved! Security/App-ID Bypass?

Can someone within Palo Alto Networks comment on this video? This seems like it could be an easy attack vector...Palo Alto Networks Security Bypass - YouTube

Resolved! User ID agent issues, one user logs off, another user "logs in" a gets the previous users ip address", times out eventually

3 questions:Why does the Agent (and PAN) not get updated when a new user logs in?What is the purpose of the “Enable user Identification Timeout” and the corresponding “User Identification Timeout (min.)” in the Agent? What will be the result if we di...

Resolved! Maint partition is empty

Hello, I have two PA-2020 in an HA Active Passive scenario. Just looking around in my CLI, I noticed that the maint partition is empty on one of my nodes, but has an older 4.0.3 on the other node.Partition State Version-------------------------------...

In 5.0.1, what is the full URL to the various captive portal pages?

Hey everyone,I'm using a PA-2020 on the latest version, 5.0.1. I need to be able to test the end-user experience with Captive Portal. I am also extending some effort to customize the various result pages that users will see, so I need to be able to v...

Resolved! HA recovery advice after upgrading Active first

Being a newb and never having updated my Active/Passive HA pair, I took the 4.1.10 release notes at face value. There is no mention of special provisions for HA upgrades so I clicked "install" and now have a 4.1.10 Active member and a mismatched 4.1....

GlobalProtect user mapping not working

Hello.We're having problems with user mapping for GlobalProtect users.In this case there are 2 users connected to PA device, yet mapping isn't working for either of them: (IPs and names deleted from output)astec@fw1(active)> show global-protect-gatew...

Monitoring PA-2050 (CPU, memory, Traffic volume, State)

Hi,I have two firewall PA (active/passive cluster) and i would like to monitoring several parameters like:- CPU- Memory- Traffic volume of all physical interfaces and subinterfaces- State of the FWS, etc.Which is the best way to monitoring a FW Palo ...

Resolved! Maximum number of virtual wire on PA 500

Hi all, I try to found the suitable PAN model for support my environment. I design PAN to support 2 virtual wire and 1 NAT network. I'm not sure that PA 500 will support 2 virtual wire. I prefer throughput and session number that support by PA500. Th...

Resolved! issue downloading release notes

I've been having issues downloading release notes regularly. The download doesn't even start, no matter if initiated from the support page or from the PA UI (Device-Software).Not a policy issue...Anyone else noticed that ?

BGP Route Table

So in discussions with a few customers the BGP functionality has come up when peering with ISPs and replacing dedicated BGP equipment. The route table size on the PAN5060 is roughly 64000 routes. Most Universities have tables upwards of a 1/2 Million...

Resolved! Ruby on Rails vulnerability CVE-2013-0156

When can we expect a content release to address the Ruby on Rails vulnerability CVE-2013-0156?

Forum Posts

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19