This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

User-ID ignore multiple users - agentless or agent

Hi,I've got an installation with approx 70k+ users, where user-id is an important factor. I want to ignore all user with prefix adm or svc in the user name(admin and service accounts) from user-id, to avoid getting unwanted ip-user-mappings. I have the option to both use agentless and agent on windows server. There are so many admin and service ...

torm by L4 Transporter
  • 6019 Views
  • 3 replies
  • 0 Likes

Block File inf_pu_toolkit_v2.swf

Hi,Two of our users have visited a site and downloaded the file inf_pu_toolkit_v2.swf. The file was submitted to wildfire, but I want it to be blocked from being download again. Where do I go about doing that?

Akamai Technologies?

It seems nearly every time I need to determine the URLs that are using what seems to be excessive bandwidth, this one comes up the most. Akamai Technologies. I understand they are a CDN, but if most services rely on their services and that is as far as we can go to determine the source, this really kills any advantage of the PA; or at least the ...

jharlow by L3 Networker
  • 7993 Views
  • 3 replies
  • 0 Likes

Resolved! interface and subinterface configuration for untagged VLAN 1

I have a switch that is allowing all VLAN 1, 44, and 120. I have the following configured:on the physical interface I am using 192.168.0.1/24 which is VLAN 1created two sub interfaces for each VLANsubinterface .44 tagged 44 IP address 172.20.44.1/23sub interface .120 tagged 120 IP address 172.20.120.1/24Is this the correct configuration?

Ipsec VPN issue with checkpoint

Hi Friends,We have an IPsec VPN tunnel configured with CheckPoint firewall. Basically, when our Phase 1 expires after 24 hours, if a Phase 2 key is still within its 1 hour lifetime, we receive no response back. Only after the Phase 2 key expires and a new Phase 1 SA is negotiated that we can pass traffic. This happens every day, ...

Satish by L4 Transporter
  • 11808 Views
  • 4 replies
  • 0 Likes

Resolved! Static user-id to IP-address mapping

Hi All,Is there a way in PanOS 6.1.x to manually map a user-id to an ip-address.Or is there a way to set an IP-address to be exempt from the user-id mapping policy.I have PA-500s being staged behind a generic firewall inside a production network with a PA-3000 on the perimeter. The PA-500s NAT their external connections via the generic firewall...

Resolved! High Availability VWire

I am setting up a HA pair of 5060s in vwire mode between two Cisco ASA's and the internal switch. the ASAs are set up has HA.What is the best way to set up the 5060s in HA to ensure they notice when the ASA fails. I do not want a scenario where the ASA fails but the Palo does not. Then the secondary ASA will be active forwarding traffic to the s...

How to use Panorama to deploy standardized remote sites?

I'm looking for a way to use Panorama to deploy about 100 remote sites.Let's say that we have the following scenario:Site 01 has local subnet 192.168.101.0/24Site 02 has local subnet 192.168.102.0/24Etc through site 99 has local subnet 192.168.199.0/24On each site, .1 is the firewall, .3 through .5 are onsite resources, .6-10 are switches, .11-1...

Resolved! using url categories in security rule base blocks allowed traffic

Hey all,We have a security rulebase which is causing some bizarre issues.rule 1:trust to untrustservice: tcp-80url category: online-storageurl filtering profile: alert-allallowrule 2:trust to untrustservice: tcp-80url category: /url filtering profile: alert-allallowwhen we do some web traffic to www.bing.com we get 2 different type of resultsA) ...

mr.linus by L4 Transporter
  • 9682 Views
  • 8 replies
  • 0 Likes

DHCP not passing thru the 500 in wire mode

I am using a pa-500 as just a web proxy, I have clients sitting in different vlans connected to a ASA5512 that is acting as the router/FW and has DHCP Relay setup and was working fine. I added the PA500 between the ASA and the other network as a web proxy, since then DHCP has failed to work. The PA 500 is running in wire modeAny Suggetions

jtribble by Not applicable
  • 3516 Views
  • 2 replies
  • 0 Likes

BGP setup - "max prefixes" question

We have a pair of 7050s that are Internet-connected via three ISPs. The ISPs are sending a limited set of routes (essentially the IP space they "own) down to our border routers. We want to replace the static default route we're using with BGP between the firewall and our border routers, but the total routes come to around 100k, which is over the...

Resolved! Cannot ping PAN from srx

Hi guys,I just got my hands on a new PAN. I have setup an srx100 behind the PA-500. The interface Ethernet 2/8 is in the trust zone, is setup as a L3 interface and has an IP of 10.1.1.1. The SRX's IP is 10.1.1.2. The SRX's next-hop address is the PAN's gateway IP (10.1.1.1). A show route on the SRX confirms the route has been setup properly. Now...

  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks