This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

IP confilicting error

Hi We have configured HA pair on our two PA-VM200 Palo alto firewall. Now IP address of my interfaces eth1/1 (inside 10.1.1.1) and eth1/2 ( out side 10.1.1.2) are showing same as primary 10.1.1.1 on both firewalls and I am getting IP confilicting error. Any idea ? Regards,

User-ID Agent Windows 2003 logon events

Hi all, I sometimes have a really hard life mapping domain users with old Windows 2003 forests using UID Agent (no matter if version 6 or 7)) I'll try to explain: when and only when using UID Agent I cannot read all users logon events or, worse, I can't read users at all, ending up having not all domain users transparently mapped and issues with...

GlobalProtect - PW Prompt when LDAP Auth is down.

Hi all, I tried support on this, didn't get much help. I am using PANOS 7.0 and GlobalProtect 2.2.1 I have a couple hundred GlobalProtect clients using Windows. I am using pre-logon (always on) with LDAP authentication. The goal is to have the GlobalProtect clients to stay connected to the gateway at all times, or keep trying to c...

snippet1.png
snippet2.png
snippet3.png
mmclimans by L3 Networker
  • 9847 Views
  • 9 replies
  • 0 Likes

Dual NIC - IP Mapping Issue

This appears to happen at random to a random subset of users.Environment:> 160 AD DCs4x UIAs (2 - 80 DCs / 2 - other 80 DCs)Assume:All possible DCs that a user would authenticate to are being monitored by the agents.Scenario:When users with laptops come into work in the morning, dock and start their computer up. Their computers (Win7) have b...

Auto upgrade on OS

It looks like an upgrade for the os comes out about every other month, has anyone come up with a way to automate the upgrade process and can you recieve email notification of when new os's come out

jdprovine by L4 Transporter
  • 2680 Views
  • 2 replies
  • 0 Likes

Resolved! Custom Report group by problem

Hello everybody! I am trying to make a custom report to see which users are using our VPN and when. I only need the user and the date, so using the database "Traffic log" is enough. I have only 2 columns selected: Source User, and Date. The run now shows what I want, so that part works. Now, I want to "Group by" Source User. I select it, clic ...

nsatc.net shows as spyware?

I have a ton of entries in my spyware logs for DNS attempts to nsatc.net Some digging suggests this is a site run by Microsoft related to Windows Updates. False positive?

PCI Vulnerabilities Report

Dear Friends, panos, panagent HULK hshah Steven Puluka hyadavalli mmmccorkleI have a doubt regarding PCI vulnerabilities scan and enable the signature for the same. when security team scan our WAN interface. he found below 1. SSL Certificate - Self-Signed CertificateVULNERABILITY DETAILSCVSS Base Score: 9.4CVSS Temporal Score: 6.9Severity: 2QID:...

Satish by L4 Transporter
  • 15766 Views
  • 16 replies
  • 0 Likes

GlobalProtect Data File

I can't get the GlobalProtect Data File to download. I have it scheduled to update hourly for a couple of days already but nothing. If i click 'check now' I don't get any version to download. I didn't find anywhere to download it manually. Dynamic update finds the new version but doesn't download it with 'No ETAG from response' error message. ...

santonic by L6 Presenter
  • 4386 Views
  • 6 replies
  • 0 Likes

Bulk upload of set commands in PAN-OS

Hello All,I'm working on a migration that requires me to breakout one large SRX config into a PAN-OS config while implimenting multiple VSYS instances. I am managing the configuration via Panorama, so I've got a base config out of the migration tool for the policies and I have that in a conversion device group. I'm using a CLI output of set co...

dan731028 by L3 Networker
  • 6574 Views
  • 1 replies
  • 0 Likes

Resolved! CLI - invalid syntax errors when pasting in config

Good evening I often have to configure a hundred new address objects at a time and then add them to an address group. I prepare the config by using Excel to combine columns with different values until I have the string of txt that I can paste into the CLI to add these objects to the PA. Here is an example of some of the lines of code I e...

RobSmith by L1 Bithead
  • 12884 Views
  • 4 replies
  • 0 Likes

PA-500 Url Filtering

Hello, i have another problem with policies... I used AD to filter people which can access the appropriate site. And I have rule in order: 1. Allow facebook (when I give access to whole facebook application) 2. Allow Youtube (when I use url filtering) In my opinion when user who is in group allow_facebook and allow_youtube and want to ope...

ITBT by L1 Bithead
  • 3668 Views
  • 3 replies
  • 0 Likes

configuration of the NAT rules to DMZ zone

Hello, In our office we have two servers in a DMZ zone (10.10.10.3 and 10.10.10.4). In the PA-500 I created a DMZ zone that's related to a vlan in the switch . This switch i related to the serves (10.10.10.3 and 10.10.10.4). The servers are in DMZ zone so I configure the NAT rules with static NAT and I open the necessary ports. But without any...

NAT-cisco.JPG
RCHAIBI by L2 Linker
  • 10991 Views
  • 13 replies
  • 0 Likes
  • 24379 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks