This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Cisco Wireless Networks, ACS, Syslog-Senders, and AD Groups !

Hi,I've worked out how to recover the User ID, or UID, from a wireless network logon by sending syslog messages from the Cisco Access Control Server, or ACS, to a syslog-sender configured on my firewall. For wired connections I can recover UID and AD group membership through the PAN UID Agent and Group Mapping Settings.But I still can't figure ...

Resolved! Filename capturing not working...

Hi everyone,Is it possible to capture filenames as they are uploaded to dropbox, box.com, justcloud.com, etc...? We "should" be decrypting the traffic according to our decryption policy. Well it at least shows the flag decrypted in the packet capture. But.....I'm not seeing the filename anywhere. We'd like to know who transferred what to where a...

Crash28 by L1 Bithead
  • 4378 Views
  • 3 replies
  • 0 Likes

How to configure a pa-500 with 2 inputs

I have a PA-500 running as a web proxy, The connection from the inside is a ASA-5512 (required), except that I have 2 5512's running in active-standby failover mode. How do I connect both 5512's into the PA500 so that if a failover happens the traffic from the back 5512 is scanned?

jtribble by Not applicable
  • 7986 Views
  • 10 replies
  • 0 Likes

Zone Configuration

Firstly, apologies if there is already a thread on this.I have a pair of PA5020's running in HA mode with PAN-OS 6.0.5-h3When trying to create new interfaces I get the following errors Interface X has no zone configuration.Interface Y has no zone configuration After looking at other threads it says to configure the zones using the CLI However t...

JulianH by L1 Bithead
  • 2892 Views
  • 1 replies
  • 0 Likes

Panorama 6.0.4 and PA-200 6.1.0

Seems like the PA-200 will not connect to Panorama after software Update to 6.1.0Just wanted to check if this is the case. (Panorama needs to be at least 6.1.0 to get the PA with 6.1.0 connected, or if i have an other issue)thanks,Kai

MFB123 by L1 Bithead
  • 3113 Views
  • 1 replies
  • 0 Likes

Resolved! Kipmi0 process eating up to 100% cpu

Hi all,Please I would need your help. After upgrading to Panorama 7.0.1 (current PAN-OS is 7.0.0) I´m having constantly CPU peaks up to 90-100% caused by the process Kipmi0. Did anyone else have the same problem?? What this process is used for?? Is possible to re-start this process??Many thanks in advance.Marcos.

Carracido by L4 Transporter
  • 5906 Views
  • 1 replies
  • 0 Likes

GlobalProtect Prelogon - using non-cached AD account

So i 've been having some issues getting GP prelogon working correctly. As of right now - GP will make the VPN connection before logon(i am able to ping my device prior to logon) and after i login with a cached account it maintains its VPN connection and i have full network access, no issues. However, when i log in using a non-cached account - ...

sross79 by L1 Bithead
  • 7752 Views
  • 7 replies
  • 0 Likes

VPN flapping

Hi, we have configured a VPN site-to-site between Juniper SSG and PA3020. The tunnel is flapping up/down. The VPN is well-configured and we have configured VPN monitor with Rekey option in the SSG. How could we know why the tunnel is flapping all the time??? i attached the PA logs2015-07-30 16:52:11 [PROTO_NOTIFY]: ====> PHASE-2 NEGOTIATION...

SOC_CSG by L4 Transporter
  • 5367 Views
  • 2 replies
  • 0 Likes

Meru Integration with PANOS 6.1.5

HI Folks,We're trying integrate our Meru system with Palo Alto Networks. but can't find any documentation.As far as i can see we have two options:- Radius- Syslog feed straight to the PA device.Has anyone created the regex's / parsers for Meru and Syslog integration with Palo?Many Thanks,Chris

PA device responds to unwanted ARP requests

Hi,I've stumbled upon a tricky situation that I've managed to resolve but still don't know why PA did what it did.The scenario is as follows:1) Internet traffic comes into PA from the WAN zone, internal users use the LAN zone.2) There is a DMZ switched VLAN. PA has an L3 interface in that VLAN with an IP of 192.168.0.1. This interface is in the ...

What's mean for counter "flow_fpga_rcv_err" ?

Hi guys,Sometimes, the firewall has got a increasing drop counter simultaneously as following."flow_fpga_rcv_err" - Packets dropped: receive error from offload processorpacket drop : offload processor parse errorI want to know it is expected behavior or not. If it is expected behavior, Please let me know in detail.Thanks.Regards,Roh

Resolved! Failed to handle CONFIG_COMMIT

Hi, did anyone had this error before?Operation CommitResult OKDetailsConfiguration committed successfullyWarningsError: failed to handle CONFIG_COMMIT(Module: device)It appeared out of nowhere. I run 7.0.0

Session behaviour during vrouter changes

Hi everyone,We've got a number of virtual-routers in our PA-5050s and we're looking to do some consolidation to simplify the configuration. Basically, we're looking to reduce the number of vrouters by moving interfaces that are currently in different vrouters into one common one. We are not going to change the zones associated with the interfa...

Mack by L2 Linker
  • 2706 Views
  • 1 replies
  • 0 Likes

Resolved! PanOS6 - Redundant VPN Tunnels

Hi all,I cannot find an easy solution to this problem of having an automatic failover once the primary VPN tunnel goes down. Goal is to have both Tunnels up and runnig at the same time, once the primary VPN tunnel dies it will automatically use the other remaining backup tunnel. Remote Peer IP (195.186.255.x) stays the same for both tunnels. Cur...

gafrol by L4 Transporter
  • 8002 Views
  • 5 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks