General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Simplest way to limit bandwidth for internet browsing to preserve for VOIP traffic

Here's my situation. We recently went live with a hosted VOIP system (CallTower hosted Cisco UC). We are relocating our office in a few months so we decided not to put in a dedicated circuit for voice and instead use our 20 meg DIA connection. We have a PA-200, my guess is about 20 to 30 users max using the internet concurrently and same with p...

Resolved! Captive Portal over IPv6

Does anyone have experience setting up a Captive Portal over IPv6 ? I found the detail the PAN firewall that have support for it, With IPv4 it's easy. "IPv6 user information is captured from all of the User-ID-supported repositories and terminal services, as well from captive portal and our XML API." https://www.paloaltonetworks.com/products/fea...

Kanitin by L1 Bithead
  • 4835 Views
  • 3 replies
  • 0 Likes

Resolved! Multi-Factor Authentication for GlobalProtect

Hello All,I know the documetnation states to use a certificate as one form of authentication or hte mult-factor. However has anyone out there setup different authentication profiles for their portal and gateway configs? I'm wondering if setting up say radius otp for one and ldap/AD for the other. Thoughts?

Facebook Browser based and Facebook APP for iOS and Android

We currently allow limited facebook access like posting and allowing to post comments, but block facebook app, chat, etc. What I have noticed is that while the browser functionality works just fine, from an iPhone or Ipad, it does not. In face, you cannot even open the facebook App. However, Messanger seems to sometimes work and sometimes not. H...

User-ID Agent - Domain Override?

Hello All,I deseprately need an option to override the domain name for user-IP-mappings collected from an User-ID Agent.I've found that the Terminal Server User-ID agent has that option (https://live.paloaltonetworks.com/t5/Management-Articles/Domain-Override-Functionality-on-Terminal-Server-Agent/ta-p/63107) which is very handy for multi-domain...

BLazarov by L1 Bithead
  • 6125 Views
  • 2 replies
  • 0 Likes

Resolved! Using Splunk for collecting PA logs

Hi. We have a PA-5050 running PAN-OS 6.1.5. With the limited disk space we currently only get about 4-5 days worth of traffic log before it starts overwriting older events. We would like to increase this period to at least 6 months. One solution would be to setup Panorama which as a virtual appliance presumably would have unlimited disk space av...

HSTS and HPKP "pinned certs" - breaks decryption and captive portal

I'm seeing many sites recently, like Google and Reddit for example, that are implementing HPKP, which prevents man-in-the-middle decryption like the PA. Currently, Chrome browsers completely ignore the PA certificate on these sites and use the site cert. Firefox just stops with a security message with no proceed or bypass, even when the PA root ...

Maxstr by L3 Networker
  • 12019 Views
  • 8 replies
  • 0 Likes

Resolved! Global Protect Client settings

I Have configured Global protect and can successfully connect via clients. But after the initial instlal the users have to manually put in the port address along with their username and password.Is there a way to auto populate the portal address so the users do not need to know that info?

Security policies

Is there a good method to get and exported list of all the security policies on the PA without exporting the whole running configuration and in a format that is easy to read?

jdprovine by L4 Transporter
  • 2942 Views
  • 2 replies
  • 0 Likes

Resolved! Site-to-Site VPN question

I'm setting up a site-to-site VPN with static routes, which means the tunnel interface doesn’t need an IP address. But I would like to turn on tunnel monitoring and that does require an IP address on the tunnel interface. My question is does this IP need to be an actual publicly accessible IP or is it just two private IP's I define, both VPN pee...

Bvance by L2 Linker
  • 4015 Views
  • 4 replies
  • 0 Likes

View traffics in Mbits

Hi All, We want to view the traffics in Mbits/sec. We have configured QoS and see the traffics in realtime. Is there any traffics reports in Mbits?..In Graph, I see the traffics in Bytes. Please share any alternative ways..

Javith by L3 Networker
  • 2154 Views
  • 1 replies
  • 0 Likes

Resolved! Custom report question

I have block/continue set on a URL category and I was looking to see if there is a custome report I could build that would show me the users that use the continue password I have set and for which URLs they accessed?

Bvance by L2 Linker
  • 3414 Views
  • 2 replies
  • 0 Likes

DirectPath I/O

I currently have a marathon support case open and support's latest reply includes an internal-only link (I'm pretty sure), so I can't read it. 😞 The release notes for 7.0 specify: "High Availability (HA) Link Monitoring is only supported on VMware ESXi installations that support DirectPath I/O." This is the only mention of DirectPath in the e...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels