General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

User-ID Group Mapping for Multi Domain Single forest

Hi everyone. I'm trying to setup a User-ID installation for our multi-domain Active Directory environment. Here is a rundown on what we have DomainA = Workstations, groups, users, servers, etc. The main domain where everything is conducted DomainB = legacy domain where some user accounts are located. I've installed the User-ID agent on a Win...

Resolved! Manual failback for PBF

Is there a way to force PBF rules to have to be manually failved back? As it is now, if our primary ISP fails, we failover to a secondary ISP using PBF. However, once the primary is back up, things fail back to it immediately. We would like to prevent the immediate fail back and not use a timer. ISP recoveries often times flap for a period of ti...

cburke by L1 Bithead
  • 7488 Views
  • 9 replies
  • 0 Likes

Losing group mappings suddenly

Hi, We have a PA3020 with PanOS 6.1.10. We are having problem with any groups, suddenly the Palo Alto loses group mappings in 2 groups and the rule stops matching, we dont know why PA stops identifying the groups. I have checked the useridd.log file and i see these errors in the groups...why? Error: pan_ldap_ctrl_search_single_group(pan_l...

Aggregate Ethernet Considerations

Hello Everyone, I just want to double check my understanding of AE interfaces limitations indicated below. Appreciate your feedback. 1. I cannot mix 1G copper interfaces with 1G fiber interfaces in the same AE. Is this correct for all platforms and OS versions? 2. I cannot create more than 8 AE interfaces on the same box. Is this correct...

Resolved! Unable to commit config - Invalid Auth Profile After 7.0.5 update

Hi, We recently updated to 7.0.5 and I cannot commit changes anymore. Error: ______________ Invalid global authentication profile POV-Auth-Profile, only radius auth profile or auth sequence is supported. Configuration is invalid Validation Error: deviceconfig -> system -> authentication-profile 'POV-Auth-Profile' is not a valid refere...

PCoIP traffic getting dropped because it's using SSL

I have VMWare View clients and I'm trying to set up the rule with the vmware-view App-ID, but the traffic gets dropped at PCoIP. The PA logs are showing tcp/4172 as SSL, even though PCoIP has port tcp/4172 defined. Is this an issue with the App-ID not identifying secure PCoIP?

Maxstr by L3 Networker
  • 10965 Views
  • 13 replies
  • 0 Likes

Globalprotect and simple SSL VPN?

It appears that, after a user has authenticated to a Globalprotect portal for the first time, they are prompted to download and install client software. Does Globalprotect (or Palo Alto in general) provide the option of simple client SSL VPN? ie; when a user logs in, an applet is invisibly downloaded and installed in the background to provide VP...

Upgrade 6.1.x to 7.0.x

In the release notes of 7.0.5-h2 there is now this information: Before you upgrade to PAN-OS 7.0.3 or a later PAN-OS 7.0 release, you should review the information about how to upgradea firewall to PAN-OS 7.0. Additionally, if virtual system (vsys) configuration is not enabled on your firewall or appliance, youmust reboot your firewall or appl...

Anon1 by L4 Transporter
  • 9133 Views
  • 10 replies
  • 0 Likes

Bug in password-string when using GlobalProtect with LDAP?

We had some users, who were not able to use VPN. they alway got XML parse-errors in the GlobalProtect Agent log. We finaly found out, that this users had '<' or '>' in theire passwords. when thy changed theire passwords in some string without these characters, the xml-errors disappeared and thy could login. we are using GlobalProtect Age...

inheco by L0 Member
  • 3045 Views
  • 2 replies
  • 2 Likes

PA-VM Update Check Fails

We have recently deployed PA-VM to ESXi for testing and we have found that any attempt to upgrade the unit fails with a very vague message. cfg.platform.serial': NO_MATCHES 'cfg.general.vm-mode-type': NO_MATCHES 2016-03-10 09:14:42.447 -0800 updater error code:-1 2016-03-10 09:14:48.140 -0800 Error: refresh_uploaded_image_info(pan_ops_common.c:...

xandout by L1 Bithead
  • 12473 Views
  • 10 replies
  • 0 Likes

IP SLA - but not dual ISP. Receiving and Forwarding from the same Interface.

hi, I know PA doesn't have IP SLA and i've read documents that talks about using VR and PBF to handle dual ISPs.this works with an ASA but not sure how to do it with PA. But there's a slight difference on my implementation and it seems to fail with a lot of SSL sites: I have two links at each site.First Link, ISP <----> Palo alto (10.1.1.1...

  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels