General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Basic noobie question.

I am looking to what I would call port address translation, but am unfamiliar with how to do it on the PA. Basically I need a public IP to route SNMP traffic to one inside address, and syslog traffic to another inside address. This will also only app

...

mcocat by Not applicable
  • 2845 Views
  • 6 replies
  • 0 Likes

Resolved! WildFire Question

Have a question about the functionality of WildFire.  Here is the scenario (assume we have a WildFire subscription so we are getting updates every 30 minutes):

  1. User gets an email to download "file.exe" at 0800
  2. This hash does not match anything and is s
...

mrsold by Not applicable
  • 5194 Views
  • 7 replies
  • 0 Likes

Resolved! Userid Not detected for some traffic

We are using 4 User-id Agents and today some users started experiencing problems with certain sites they use.  The same sites for all users.... but not all sites.  We have many ad group based rules and some are still working while others seem to have

...

cdp181 by L1 Bithead
  • 4622 Views
  • 3 replies
  • 0 Likes

Resolved! PAN OS Upgrade 6.0.5 failure and success

Hello All

Out of the box, my 3050 Firewall had PAN OS 5.0.x and I wanted to upgrade it to.the latest 6.0.5 release. My Firewall does not have internet access yet, and so all the following things were done offline by downloading files on my laptop.

So,

...

VMware View rules configuration

Does anyone have any information on how to get user-id to work with a VMware View security server sitting in the DMZ? Right now the only way we can get PCoIP traffic to flow to is by specifying the ip of the VDI machine that is being connected to. Wh

...

Global Protect Troubleshooting

I have a portal and 3 gateway's setup.  From my home network and a couple other home networks Global Protect works with no issues,  We can disable the client, re enable it, change to different gateways on the fly and it connects right up.

Now for some

...

markk96 by L3 Networker
  • 4578 Views
  • 4 replies
  • 0 Likes

Upgrade to 5.0.14-h3 stopped traffic

We just attempted to upgrade some 5020's to 5.0.14-h3(mainly to patch the evasion vulnerability) and quickly found that the upgrade broke traffic traversing the firewall.  During the short period of time it we were running on 5.0.14-h3, there were a

...

jambulo by L4 Transporter
  • 2833 Views
  • 6 replies
  • 0 Likes

Resolved! What SSL/TLS versions are allowed for WEBUI

Hello,

I'm trying to verify which SSL/TLS versions and Ciphers the PANs accept for WEBUI connections.  Specifically I am trying to verify that it does not accept connections using weaker Protocols or Cipers and if it is configurable.

Please note that

...

Netflix application rolled in to web-browsing?

Last week I ran an ACC report for the top 25 applications.  Netflix was #3 (university environment, so it's to be expected).  Today, I ran the same report and Netflix (as an application) is no where to be found.  I launched Netflix on my computer to

...

bhelman by L2 Linker
  • 3151 Views
  • 3 replies
  • 0 Likes

Resolved! App-ID for Apple iOS Update

Hi All,

I'm preparing for tomorrow's iOS8 update.  Last year with iOS7, we got slammed on bandwidth.  This year now that we have the Palo Alto, I'm configuring QoS so that the iOS update doesn't eat all of our bandwidth.

Does anyone know what App-ID th

...

wocomike by L1 Bithead
  • 5369 Views
  • 5 replies
  • 0 Likes

User-ID IP mapping

Why does some traffic in the logs not have a user tied to the IP address at times even tho in the logs the IP has a user mapped to it most of the time.  This is causing policy to be dropped down to a different level.

markk96 by L3 Networker
  • 2656 Views
  • 5 replies
  • 0 Likes

Issue with static routes.

I look after a PA2050 running OS 4.1.8

I am trying to setup 2 new static routes in my virtual router but they are not being picked up when I do a show routing route or show routing fib after a commit.

One of the routes is a new one and the other is a r

...

phild by Not applicable
  • 6056 Views
  • 12 replies
  • 0 Likes

Resolved! How to remove an address-group member via XML API

Hi,

I would like to remove a single member from an address-group, here is the query I am sending:

https://firewall1.it.mydomain.net/api/?type=config&action=delete&xpath=/config/devices/entry/vsys/entry[@name='vsys1']/address-group/entry[@name='NameOfTh

...

Alextc by Not applicable
  • 5048 Views
  • 3 replies
  • 0 Likes
  • 24034 Posts
  • 102 Subscriptions
Top Liked Authors
Labels