General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! URL Filtering - Exception Policy based on Machine

Need a way to except a machine from the URL policy. Currently I can only find a way to except a user level however, I have one machine that is not on the domain that is used to communicate to several external services.

jharlow by L3 Networker
  • 3574 Views
  • 3 replies
  • 0 Likes

Shadow rule warning messages

Hi All, I have PA-5050 with version 6.0.9 with multi Vsys. I am migrating from perticular Vsys configuration from PA-5050 to PA-3050 physical box. I exported the config from one Vsys from PA-5050 to PA-3050. While committing on PA-3050 I can see shadow rule warning messages .. but where as same rules on perticular Vsys on PA-5050 , I am not se...

HA Preemption and Session Syncronization - you need HA2

For whatever reason I didn't see the need to configure HA2. But while testing HA I could not get preemption to work. I read everything I could find online and got frustrated that it would not let the designated firewall take back control automatically. I read the system log and bit more closely and found this entry: "HA Group 1: Ignoring session...

DTG123 by L1 Bithead
  • 3018 Views
  • 2 replies
  • 0 Likes

Christmas wishlist (DNS ALG, address space overlap, IPv6, alow nothing)

Dear all, To start with, i like to say i love working with aploalto, really nice platform. We are useing the paloalto as an sort of advance VPN concentrator with all the bells and whistles. I want to share some of the features i desperately lack that i never new i would need in my project. The reason i'm sharing is i would love to know who als...

Panorama local logging

Hi, we have a panorama which is not logging anything about system/data related to itself or the managed devices. Can you please let me know why this could be the case? I have logged into to the console SSH and typed show logging-status device * and I cannot see any counters or stats for any last log received, last log generated or last s...

Error downloading 7.0.4, with 7.0.0 previously downloaded

Hi, im thinking to go to PanOS 7.0.4 from 6.1.2. I have downloaded PanOS 7.0.0 correctly, but when i try to download 7.0.4 i get this error. I have downloaded the 7.0.0 version when i launch 7.0.4 to download. DetailsSuccessfully downloadedTransferring a copy of image to HA peerPreloading into software managerThe required '7.0' base image m...

ipsec

Hi Internet edge firewall is cisco asa .Behind Palo alto running in virtual vire mode. for some reason ipsec users cannot connet to outside . What we need to be done at palo alto side ?Thanks

sib2017 by L4 Transporter
  • 5849 Views
  • 9 replies
  • 0 Likes

You tube filtration issues

I'm at a bit of a losst and am writing to see if anyone else has experienced anything like this: I have a policy that allows unrestricted access to youtube.com via http/https. Accessing this rule is only allowed based on membership in an AD group. And in testing, it seems to work, when i add my user object to the policy itself. I don't access ...

bwsaloum by L2 Linker
  • 4168 Views
  • 4 replies
  • 0 Likes

User-ID Agent Installation

We have over 50 DCs in our environment that will need the User-ID agent installed. This is because logon events are logged locally on the DCs and we have multiple sites using a centralized Internet circuit at our data center. My question is this, is there a user-id silent installer for Windows server?

Not showing custom URL categories in the traffic Logs

Hello guys, In the detailed log view of traffic logs in the Category field I see always "any". I´ve never had URL filtering license so I created a custom URL category for filtering some URLs. I just would like to know why I´m no seeing in the logs the URL custom category I created and I always see "any" as category. Any idea?? Many thanks in...

Carracido by L4 Transporter
  • 4430 Views
  • 3 replies
  • 0 Likes

Resolved! Trusted Root CA Not Installed on Client?

This is on a PA-3020 running PAN-OS 7.0.4. I've always manually chained certificates when installed an SSL certificate for Global Protect. I decided to see if I could install the SSL certificate and the Intermediate certificates separately and see if it would work. I configured Global Protect Portal > Agent Configuration > Trusted Root...

  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels