General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

OSPF with 2 tunnel

HI all.

My networks same the figure. ( User VPN and OSPF)

I want use WAN Tunnel is the main path. from Branch to HQ ( only use Interne Tunnel when WAN Tunnel Down).

In OSPF config I set WAN tunnel metric is smaller than Internet Tunnel but when i tracer

...

dat.tran by L2 Linker
  • 966 Views
  • 0 replies
  • 0 Likes

problem with group membership display in PAOS 5.0

I use the command :"show user group name domain \domain users" , the response from the firewall is :"User group 'domain\domain users' does not exist or does not have members" .

The domain users is the default group for the new user, I think maybe some

...

Resolved! Policy log settings

Hi Pals,

I would like some second opinion on my observation reg. the option 'log at session start' and 'log at session end'. I have tried both options and at the same time monitor the generated traffic logs for each setting. This is my observation:

a)

...

Suhaimi by L1 Bithead
  • 2014 Views
  • 4 replies
  • 0 Likes

Dynamic block list and custom blocked page

Hi,

I am planning to use custom blocked page. So far I have got the logic of creating custom block page and using it in the policy. I would however like to know if I can somehow redirect user to custom blocked page and inform user that his/her access

...

File blocking..

Hi Gents,

I have a Palo Alto 5050 installed between users and my Server Farm.

I configured a security policy to allow access to the File Server, and applied a File type profile to block files such as exe, avi, and FLV.

but the file blocking doesn't work

...

File Types and Applications regarding SSL Decryption

Hi All,

I don't have content Filter License.

am I required to configure ssl decryption to block internet applications or file types?

shall I've a content filter license to configure ssl decryption or not?

Also I'm facing other Issues,

to open internet acc

...

Policies security rules - filtering issue

Hi,

Do you know is there any documentation regarding policies security rules filtering?

I have found some strange behavior for filtering. Examples below on the screenshots are from Palo Alto testing firewall (sv 5.0.6). As it can be seen, if I use fil

...

Monitor traffic - filtering issue

Hi all,

we have noticed inconsistency in PAN OS 5.0.8 and 5.0.9, compared to 4.1.9, related to monitor traffic filter. In older version message box pops-up in case filter is not properly defined (i.e. if there is syntax error), which is fine and helpf

...

Active/Active traffic log.

Hello

I knew session owner generate traffic log.

Does session setup device generated traffic log  If a session is denied L4 processing before L7 processing???

Network Diagram

Router#1(Power-OFF) ------ Router#2(Power ON)

            |                     

...

Resolved! use GlobalProtect for Network Logon

Dear,

Is it possible to use GlobalProtect with pre-logon enabled as a "Network Logon" for Windows?

This way I want to use the GlobalProtect to tunnel the domain-login request to our AD when the pc is on the road.

Ultimately we want to use this for users

...

mr.linus by L4 Transporter
  • 2311 Views
  • 8 replies
  • 0 Likes

Resolved! L3 deployment with dynamic IP and DMZ (NAT and PBF required?)

Dear all,

I'm trying to move from my initial vWire deployment to L3 in order to get rid of my SSG5. Later on I'll also get rid of my SA-2000.

Current layout:

ISP (dynamic IP) - PA vWire - SSG5 - PA vWire - Intranet

                                       

...

About updating AD group membership

Hello guys

1. I configured LDAP profile and update from AD DC

2. AD group named domain-users has about 10900 user

3. Customer created new user and applied new user to domain-users group

So I tried to refresh a group-mapping information by debug command.

...

Top Solution Authors
Top Liked Authors