General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 14570 Views
  • 1 replies
  • 4 Likes

What is the default syslog format in PanOS 5.x?

For all the various log types (config, system, threat, traffic, HIP) what is the default syslog format?

All the fields are available to edit in when creating a custom log, but it would be useful to have the default format defined for reference.

bds by L0 Member
  • 1045 Views
  • 1 replies
  • 0 Likes

external captive portal

I'm thinking about trying something a little out of the square with user-id and captive portal. Let me start with the context and business goal:

  • The PAN is deployed as a data centre firewall.
  • I'd like to use some policies that permit clients access to
...

Global Protect 2-factor Auth & User-ID Mapping

Hi All,

I'm migrating from ASA to Palo Alto including user VPN access (AnyConnect).  The setup will be 2 factor authentication with LDAP/Kerberos (not sure which yet) for the portal and OTP via RADIUS for the gateway.

The current setup allows access li

...

mausmus2 by L3 Networker
  • 1149 Views
  • 1 replies
  • 0 Likes

Resolved! Deepnet 2-factor Authentication

Hi Everyone,

I have a client that is migrating to Palo Alto firewalls.  I'll be implementing Global Protect SSL VPN replacing the existing Cisco Anyconnect.

The client utilizes DeepNet 2-factor authentication for SSL VPN.  I was wondering if anyone had

...

mausmus2 by L3 Networker
  • 1389 Views
  • 3 replies
  • 0 Likes

Resolved! Creating application groups

Is there a way to create an application group that will dynamically add applications as they are updated?

For example, I want to create a P2P application group that gets denied. Can I create a filter that says any application that is classified as P2P

...

Eval question

Given a flow and properly written policy to allow Facebook and its myriad apps/widgets on port 80/443, other than the admin management overhead (i.e., having to open ports 80 and 443), how is what Palo Alto does different from what Checkpoint does?

Th

...

derasa by L0 Member
  • 696 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect on Mobile Devices

GP v2.0.1.  Successful authentication is based on a particular AD user group.  If the user is not part of the group, he/she would be able to connect.  We want to implement this solution for smart devices.. however, how can we control who connects and

...

rrau by L3 Networker
  • 2483 Views
  • 10 replies
  • 0 Likes

Management server restart

Hello

Today I observed that when I try to logon to my PA200 I got error "Connecting to Management Server failed", when I try to logon by SSH "System initializing; please wait...."

After few minuts a was able to logon by browser and putty.

In system logs

...

_slv_ by L4 Transporter
  • 6669 Views
  • 5 replies
  • 0 Likes

Guest VLAN issues with externel services that we offer

Here's what we need to accomplish:

We have subnets on our networks that need to use our external DNS server (they are Guest VLANs for our WiFi networks). This traffic is visible by our paloalto firewall with layer 3 adresses (10.XXX.30.0/23). When we

...

Global Nat

How can you determnine what the global nat address is on a firewall?

infotech by L4 Transporter
  • 832 Views
  • 4 replies
  • 0 Likes

Resolved! How to setup multiple vpn?

Hi,

In our enviroment we have since a month a PA500. We setup VPN with pre-logon with certificate for our internal users, which is very handy!

But for our external users I want, they use there AD credentials. Is it possible to setup multiple VPN's? One

...

ZEBIT by L3 Networker
  • 2750 Views
  • 10 replies
  • 1 Likes

Wire shark

I am trying to troubleshoot why I am having issues with a certain VPN router device through the PA 3020 firewall, This is the message on the packet capture

ISAKMP Identity protection (main mode).

I am new to firewall and if there are any other troubles

...

infotech by L4 Transporter
  • 1198 Views
  • 5 replies
  • 0 Likes

Ping

Can you send ping test from the PA and if so how is that done?

infotech by L4 Transporter
  • 980 Views
  • 2 replies
  • 1 Likes
Top Liked Authors