General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Secure LDAP Policy Rule Setup

Hello.I am trying to setup an application policy rule to allow secure LDAP from our hosting company back to our internal domain controller running MS AD. I have the appropriate NAT statement setup.If you look in the log screenshot above, you'll see that the first entry is being denied. For my list of allowed applications in that rule, I have a...

dannon by L3 Networker
  • 13299 Views
  • 2 replies
  • 0 Likes

Resolved! User-ID Agent Errors on Domain Controllers

I'm getting the following error showing up in event viewer on our Windows domain controller. We have 4 DC total that have the the user-id agent installed.As you can see, I am getting a lot of these error. The IP in question is one from our BYOD subnet, meaning it could be a end-user personal device. Most of the IPs in the error logs are from ...

dannon by L3 Networker
  • 8234 Views
  • 3 replies
  • 0 Likes

Certificate failed to load

Hi all,We have two PA-4060 in active/passive mode with PAN-OS 4.1.12 (I know, old..).Yesterday, after rebooting passive device auto commit failed with:Error: Certificate 'XYZ' failed to load: failed to parse keyand device went to not-ready state.After deleting problematic certificate and with commit force device become functional again.We then t...

ISSUE WITH GLOBAL PROTECT

We have configured One VR-1 onlyEthernet 1/1 is a WAN interfaceEthernet 1/2 is a WAN interfaceEthernet 1/3 is a WAN interfaceEthernet 1/4 is a LAN interfaceWe’ve created ETH1-ZONE for Ethernet 1/1ETH2-ZONE for Ethernet 1/2ETH3-ZONE for Ethernet 1/3ETH4-ZONE for Ethernet 1/4VP –ZONE for all the tunnels (used for remote connection site with site-1...

En modo mantenimiento no me deja hacerle un factory reset, me aparece typeerror: unpack-sequence

Traceback (most recent call last):vigate, ENTER=Select, ESC=Back File "/usr/local/bin/mrt", line 192, in ? main(sys.argv[1:]) File "/usr/local/bin/mrt", line 187, in main m.main() File "/usr/lib/python2.4/site-packages/mrt/ui.py", line 4330, in main self.ui.run_wrapper(self.run) File "/usr/lib/python2.4/site-packages/urwid/curses_...

cgaona by Not applicable
  • 2499 Views
  • 1 replies
  • 0 Likes

Can PA be possible for content inspection after ssh decryption?

Hello,Can PA be possible for content inspection after ssh decryption?I looked the below document.Details on Port Forwarding Inside SSHThis document mentioned the following comment."Content and threat inspection is not done on the SSH tunnel session"I don't know that It means whether only 'ssh-tunnel' application or both 'ssh' & "ssh-tunnel' ...

schong by L0 Member
  • 2646 Views
  • 1 replies
  • 0 Likes

What happens if Dynamic Block List server is inaccessible?

If we are retrieving a list of IP's via Dynamic Block List to Allow and/or Deny traffic, what would happen if the web server hosting the .txt file is inaccessible during a refresh? Would the DBL object lose all of the IP addresses and render the rule using it useless?

jambulo by L4 Transporter
  • 3814 Views
  • 3 replies
  • 0 Likes

Issues with geolocation IP addresses

Hello,We have policies (geolocation) which only allow connection from Spain and Andorra.In many cases the IP addresses identified by geolocation, is not properly updated and sometimes Palo Alto identifies an IP like another country rather than as Spain or vice versa.How does a query to get that information Palo Alto?What are the files that query...

SOC_CSG by L4 Transporter
  • 17771 Views
  • 10 replies
  • 0 Likes

Resolved! How can I export my Applications list in a given profile.

I have a rather long list of allowed applications in a profile and want to export them for various reasons. I need to document them, and as I consolidate policies to a single on I don't want to add each one if I cam import them. Is there a CLI to just get the applications names in a given profile?

Resolved! Problems with configuring Palo Alto PA-500 Firewall

Hi Guys,I can connect via serial and console port from CLI to Firewall. But when i am trying to set ip for management interface i'm getting the following errorServer error : system -> authentication-profile 'LDAP Authentication Profile' is not a valid referenceCan anybody help me?ThanksTigran

Active/Active HA on 7050

I'm getting ready to implement an Active/Active setup on a 7050. What is the best practice for bandwidth over the HA links? I'm more curious about the HA2 and HA3 links.

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels