General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Active/Active HA in vwire mode - Link Monitor

When configuring an active/active pair of 5060s in vwire mode, is there a need to configure link monitoring? the 5060s are setting behind an HA pair of Cisco 5585s and want to ensure the Palos failing over will not affect the traffic from the ASAs. I have an HA 3 interface conifgured but since both firewalls will process traffic, is there a ne...

Using Global Protect Internally - Several Questions

I am fairly new to the world of Palo Alto, so I apologize if this is answered elsewhere. My team is looking at an implementation scenario, and I have several questions as a result. I figured this community would be the best place to start. We are currently looking to implement Global Protect internally, as a possible replacement for Cisco NAC ...

Resolved! Acknowledge Traffic Log Threshold Alarms

We recently reached the point where our traffic logs are reaching 90% of quota and alarms are being generated. I understand that this behavior is normal and I do have the option of turning alarms off if I wish. I don't want to turn them off but I see the option to acknowledge them. What I'm wondering is do these acknowledgements ever get purg...

SystemAlarms.jpg
herrmoss by L2 Linker
  • 6545 Views
  • 5 replies
  • 0 Likes

Using wildcard pattern/ regex in URL filter

Hello, I like to exclude subdomains from decryption. Therefore I've created a URL category. But I don't like to exlude all subdomains only specific subdomains. For example: I like to exlude domains starting with "whatsapp" and ending with "facebook.com". So the URL whatsapp-p3-bgp-01-iad3.facebook.com should be exluded from decrypten. But w...

IP confilicting error

Hi We have configured HA pair on our two PA-VM200 Palo alto firewall. Now IP address of my interfaces eth1/1 (inside 10.1.1.1) and eth1/2 ( out side 10.1.1.2) are showing same as primary 10.1.1.1 on both firewalls and I am getting IP confilicting error. Any idea ? Regards,

User-ID Agent Windows 2003 logon events

Hi all, I sometimes have a really hard life mapping domain users with old Windows 2003 forests using UID Agent (no matter if version 6 or 7)) I'll try to explain: when and only when using UID Agent I cannot read all users logon events or, worse, I can't read users at all, ending up having not all domain users transparently mapped and issues with...

GlobalProtect - PW Prompt when LDAP Auth is down.

Hi all, I tried support on this, didn't get much help. I am using PANOS 7.0 and GlobalProtect 2.2.1 I have a couple hundred GlobalProtect clients using Windows. I am using pre-logon (always on) with LDAP authentication. The goal is to have the GlobalProtect clients to stay connected to the gateway at all times, or keep trying to c...

snippet1.png
snippet2.png
snippet3.png
mmclimans by L3 Networker
  • 9971 Views
  • 9 replies
  • 0 Likes

Dual NIC - IP Mapping Issue

This appears to happen at random to a random subset of users.Environment:> 160 AD DCs4x UIAs (2 - 80 DCs / 2 - other 80 DCs)Assume:All possible DCs that a user would authenticate to are being monitored by the agents.Scenario:When users with laptops come into work in the morning, dock and start their computer up. Their computers (Win7) have b...

Auto upgrade on OS

It looks like an upgrade for the os comes out about every other month, has anyone come up with a way to automate the upgrade process and can you recieve email notification of when new os's come out

jdprovine by L4 Transporter
  • 2692 Views
  • 2 replies
  • 0 Likes

Resolved! Custom Report group by problem

Hello everybody! I am trying to make a custom report to see which users are using our VPN and when. I only need the user and the date, so using the database "Traffic log" is enough. I have only 2 columns selected: Source User, and Date. The run now shows what I want, so that part works. Now, I want to "Group by" Source User. I select it, clic ...

nsatc.net shows as spyware?

I have a ton of entries in my spyware logs for DNS attempts to nsatc.net Some digging suggests this is a site run by Microsoft related to Windows Updates. False positive?

PCI Vulnerabilities Report

Dear Friends, panos, panagent HULK hshah Steven Puluka hyadavalli mmmccorkleI have a doubt regarding PCI vulnerabilities scan and enable the signature for the same. when security team scan our WAN interface. he found below 1. SSL Certificate - Self-Signed CertificateVULNERABILITY DETAILSCVSS Base Score: 9.4CVSS Temporal Score: 6.9Severity: 2QID:...

Satish by L4 Transporter
  • 15943 Views
  • 16 replies
  • 0 Likes

GlobalProtect Data File

I can't get the GlobalProtect Data File to download. I have it scheduled to update hourly for a couple of days already but nothing. If i click 'check now' I don't get any version to download. I didn't find anywhere to download it manually. Dynamic update finds the new version but doesn't download it with 'No ETAG from response' error message. ...

santonic by L6 Presenter
  • 4436 Views
  • 6 replies
  • 0 Likes

Bulk upload of set commands in PAN-OS

Hello All,I'm working on a migration that requires me to breakout one large SRX config into a PAN-OS config while implimenting multiple VSYS instances. I am managing the configuration via Panorama, so I've got a base config out of the migration tool for the policies and I have that in a conversion device group. I'm using a CLI output of set co...

dan731028 by L3 Networker
  • 6612 Views
  • 1 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels