General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Panorama LDAP group mappings not updating for user-id

We have user-id setup and every cluster with a designated master device for user-id mappings. I have the group mapping of the new AD group showing in the gateway itself, however when I go to implement the group in a policy in panorama, it will not display the new group. I have done a forced refresh on the gateway and refreshed the panorama but w...

VPNC Ports?

Hi all, I have enabled VPNC for my Linux users who cannot use GlobalProtect. Does VPNC use port 443 like globalprotect? Can't seem to find any information about this on the web. -Matt

mmclimans by L3 Networker
  • 2912 Views
  • 1 replies
  • 0 Likes

How to restart the OSPF Process

Hi, I'm trying to do some debugging of some OSPF troubles that we are having and I'd like to restart the OSPF process to see the neighbors comes up and the LSA exchange. How do I do this via CLI? On a Cisco router it would be "clear ip ospf process X", but I can't find a Palo Alto equivalent. Thanks

GlobalProtect Client not Connecting

Hi All, I'm experiencing a problem with GlobalProtect and I'm hoping I can get some assistance. I'm able to log on to the GlobalProtect Gateway. I successfully log in and Download the agent. However, when I click 'Connect'. I get an error that says: 'CONNECTION TO SERVICE SOCKET FAILED'. I tried collecting logs from the GlobalProtect clien...

Bocsa by L3 Networker
  • 8226 Views
  • 3 replies
  • 0 Likes

Resolved! Old OS versions

I have serveral version of the OS under the device\software tab, is there first any harm to deleted old unused ones and will I regain disk space, a usefull amount?. I want to keep more logs on the box and am looking for ways to increase the space for logging. Any suggestions will be appreciated.

jdprovine by L4 Transporter
  • 5483 Views
  • 2 replies
  • 0 Likes

Unable to remove custom report from Reports.

When I go to Monitor->Report tab . Under Custom Reports I see 3 reports. One of the report test_report shows in there but is not in my Manager Custom Reports. I tried deleting it using delete report custom scope 1 report-name test_report file-name * I am getting an error. Server error : unable to remove directory for 'test_report'

Highlight Unused Rules

HiWe're running 4.0.1 in a test environment. We have a large Checkpoint rulebase that we will export. It ideally needs a rule tidy up to remove unused rules and objects.Can someone describe how the "Highlight Unused Rules" tick box option on the policy page works. Yep, I know it sounds obvious!! But what is it based on - the logs? If so how far ...

fmd by L3 Networker
  • 6863 Views
  • 5 replies
  • 2 Likes

Netflow data - How often is it exported to a collector and..

Our firewall is setup to export Netflow data to Nagios Network Analyzer. We need to know: a) How often is data exported from the Palo Alto to the NNA collector, and b) How large are the packets sent from the Palo to the collector Any ideas on where to find this information?

LShelton by L1 Bithead
  • 5726 Views
  • 7 replies
  • 0 Likes

PAN-OS Bi-Directional NAT and Nintendo Online Gaming

I have a couple of Nintendo consoles on the network which would like to connect for online gaming. I am on a cable connection so am using Dyndns lookup for my external-IP. I have the following Bi-Directional NAT policies configured. Application Group Security Policy NAT Policy It seems to work with the Wii U but not with the 3DS...

screenshot_25.png
screenshot_26.png
screenshot_27.png

Resolved! Decrypting Dropbox

Hi,I want to decrypt Dropbox but it doesn't work. I have a catch-all decrypt policy that decrypts any-any SSL. It works fine except for Dropbox. My understanding is that Dropbox is on the PanOS internal exception list so decryption is supposed to be disabled automatically for DB. Looking at my traffic logs, I can confirm that application dropbox...

Global Protect Routing Table

Currently for Global Protect we route all traffic through the firewall. Is there a way we can add IP’s to the routing table for GP clients only? For instance, add GoToMeeting IPs and have all that traffic go out the Internet. Is this possible?

rrau by L3 Networker
  • 6474 Views
  • 1 replies
  • 0 Likes

K-12 - QOS with PARCC Testing

Has anyone looked into doing any QOS for the PARCC assesment testing? Right now I'm not doing any QOS on our 5050, but think it would be a good idea to do something so the testing gets priority over some staff member watching Netflix during their break period.

bbilut by L3 Networker
  • 2185 Views
  • 2 replies
  • 0 Likes

user to ip mapping with LDAP

I have a pa 3020 running 6.0.8 doing LDAP lookups to multiple edir servers, I have many users that PA shows as unknown but when I look on the server I see they are logged in x.x.x.x Why does this work for some but not all? I have done the following: debug user-id refresh user-id agent all debug software restart user-id show user server-monit...

ccboe by L0 Member
  • 2304 Views
  • 2 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels