This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

User-ID causing high CPU

Hello People, My client has receently upgraded to 7.1.3 and now the management plane is constantly running 100% on all firewalls. This is the following message displayed and filling up the userid.log 2016-07-22 16:43:38.660 +0100 Error: pan_user_id_agent_msgs_queue_msg(pan_user_id_agent_msgs.c:58): failed to insert msg into sending msg list We...

Looking to Learn Palo Alto

Looking for advice on cheapest way to learn Palo Alto? I am a consultant and dont have any Palo Alto licenses. Is a VM lab license affordable, is there trials or is ebay the best option? Thanks in advance!

daveram by L0 Member
  • 7035 Views
  • 8 replies
  • 0 Likes

VM-200 can't reach vSwitch from L3 interfaces (vSphere/VMWare)

Hi, I only can reach the mgmt interface. But not the other L3 interfaces, I tried setting those IPs @ the same vSwitch where the mgmt interface resides, but nothing. There are 2 Windows VMs (2008/XP) they see each other in any switch I configure them, but I can't get this work with the VM200 at VSphere. I tried setting it locally and the same r...

NRikle by L0 Member
  • 2467 Views
  • 1 replies
  • 0 Likes

PA Eval license in Unetlab

Hi I want to test PA in Unetlab 10.0-12https://nbctcp.wordpress.com/2015/06/26/bypass-firewall/But I don't have URL Filter eval license. QUESTIONS1. how to get eval license for 2 PA because I also need to test OSPF between 2 PAs2. with eval license beside URL Filter, what other features I can test tq

nbctcp by L1 Bithead
  • 3448 Views
  • 3 replies
  • 0 Likes

PA-200 Cable modem VPN sites needing a power cycle to restore connectivity

I have multiple remote sites that connect back to a main site through PA-200's, using Charter Communications cable modems. At various times the PA's stop forwarding traffic. I can no longer reach the PA's and I have setup management on the outside ip addresses. The only way to recover from this is to have someone at the remote site power cycl...

Resolved! How to add more one secondary NTP server

Hello community, It is possible to add more one secondary NTP server ?I need to add two ips (ntp server) like a secondary ntp servers, it is possible? In PANOS 6.1.10. Best RegardsAndres Padilla

Apadilla by L3 Networker
  • 3042 Views
  • 2 replies
  • 0 Likes

How to prefer 1 ISP for one application

I got why huge traffic is coming to port 3978.Application is identified as Panorama.Its hge Gbs of traffic in one session.The source IP is firewall management Ip and destination is Panorama IP.But why i need to kill this session means, we have a setup of 2 ISPs. We prefere this traffic should go through 1 ISP only one ISP.Tht we accomplish throu...

UserID What's the best practice for configuration crossing multiple firewalls

Hello,We are starting to deploy UserID based policies across our enterprise.I'd like to know what is the best practice when dealing with rule policies that cross multiple zones/firewalls that are in different locations?Does the user portion of the rule only need to be as close to the client then go to network rules in between the firewalls and r...

Adding IOCs to URL Filtering

Hi PAN Live Community, If I add additional IOCs (URLs/Domains/IPs) to our current active URL Filtering Profile, how do I make those new IOCs take affect? Besides committing the changes to the added IOCs, do I need to re-apply the this profile to the Security Policy (in the Policies tab?) The reason I'm asking is because (if memory serves me righ...

eliang by L1 Bithead
  • 3108 Views
  • 3 replies
  • 0 Likes

Resolved! Error in threat signature, how do I report?

Hi All, I recently came across an odd log for a customer of mine and after much analysis and research I have found that it is actually a false positive on Palo Alto's side regarding the signature of a threat. How do I go about report this? I am unable to open cases my account isn't associated with a company. Thanks in advanced for any help!

Resolved! Why does the ip-user-mapping distinguish DP and MP?

Hello suddenly, I am wondering that ip-user-mapping have two table[DP, MP] After connecting to AD Server to get Security logs, Why PAFW get that table seperatly,? I think there are reason, and I don't know well about relating to DP, MP If DP was restart about someting problem, Would PA be able to get user information through MP? Do I think...

John_Lee by L2 Linker
  • 5813 Views
  • 4 replies
  • 0 Likes

2016 - Live Community survey. Let us know what you think and get a chance to win a VM-100!

Hello Live Community users, You might have seen it in your inbox...our 2016 Live Community survey is out! We're conducting this survey to improve our community and your input would be greatly appreciated. If you have not replied yet, click here to start the survey. It should only take 5 minutes and you could win a Palo Alto Networks VM-1...

carnould by L4 Transporter
  • 2700 Views
  • 1 replies
  • 1 Likes

Resolved! In which vsys to place aggregate interfaces?

Hello, I have multi-vsys system with multiple aggregate interfaces (L3). I am going to configure multiple VLANs on each aggregate interface and place them in different vsys. My question is where to place the aggregate interface itself. I was planning to leave it in admin vsys1, but is this supported design? Thank you.

HAL9000 by L1 Bithead
  • 3875 Views
  • 3 replies
  • 0 Likes

PA and AD Integration

My PA is experiencing a lag between when user accounts are modified in the AD group used for VPN authentication and when the PA begins enforcing the new account settings. Is this fixable? What is the maximum lag that I should be seeing? Is it possible for an account to be disabled in AD and there be a lag between when the user can no longer l...

RustyPA by L1 Bithead
  • 2131 Views
  • 1 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks