General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Emergency FTP on a Friday Night

PAN-200PAN OS 6.So there are, standing up an FTP server for client use. Got it configured, and tweaked, and secure. Planned to figure out how to open up the firewall next week.After hours. Manager called. I'm on a conference call. Have some client data to move. The old (hosted) ftp server is slow. The new one is fast! How about it ..I l...

bdunbar by L3 Networker
  • 3539 Views
  • 2 replies
  • 0 Likes

Resolved! Latest content updates failing?

Anyone else seeing this one?On both my firewall installations (2020 HA pair and 3020 standalone), the last two content updates (the failed one 473 and the replacement 474) are failing to complete, according to the job log, vis-a-visYet the relevant content update shows as "installed" in the dynamic updates page.Is anyone else seeing this? Or am ...

darren_g by L4 Transporter
  • 5787 Views
  • 4 replies
  • 0 Likes

Resolved! PA-200 Initial Configuration from console only

Trying initial setup of PA-200 using console connection (public on ethernet 1/1, no mgmt connected). I know I have to remove virtual wire, but having validation error below. Any suggestions ?delete network interface ethernet 1/1 virtual-wiredelete network interface ethernet 1/2 virtual-wiredelete network virtual-wire default-vwiredelete network ...

niuk by L3 Networker
  • 3735 Views
  • 2 replies
  • 0 Likes

Resolved! Using a large destination-domain blacklist

Hello,I am considering the use of a domain name blacklist published by the DNS-BH project in a custom URL category that will block access to any of the included domains. However, the list is over 12K entries long, which obviously doubles when I add an additional wildcard entry for each. So, i have a few questions. First, does it make sense to...

schaleg by Not applicable
  • 3326 Views
  • 2 replies
  • 1 Likes

Resolved! Globalprotect Mobile - no cert found

I've seen post like Re: IOS Global Protect APP - Required Client Certificate is not found but the fix was to manually import certificate to phone..How do I make my GP on droid to auto-download cert and connect ? I have same problem on Windows PC , manual cert import make the client working

niuk by L3 Networker
  • 5643 Views
  • 3 replies
  • 0 Likes

Radius timeout greater than 30 seconds

I am working with Microsoft MFA for some RADIUS based "cloud" dual factor authentication.MFA recommends a RADIUS timeout of 60 seconds due to the nature of their solution but PAN restricts RADIUS to 30 seconds as a maximum.Is there anyway to bypass this restriction?Thank you.

kk555 by L0 Member
  • 3642 Views
  • 2 replies
  • 0 Likes

URL filtering issue.

Hi Friends,i am facing one issue with url Filtering my site category is showing malware- sites but when ever i am trying to check with ( https://urlfiltering.paloaltonetworks.com/testasite.aspx ) its showing travel category. please suggest.

Satish by L4 Transporter
  • 5468 Views
  • 8 replies
  • 0 Likes

Resolved! Match UserId problem

Hi, we have 2 PA in cluster Active/passive. We have done the fail-over and when the secondary PA is working i can see userid is not maching. I have checked all the Userid agent config and state and everything is ok. I have restart all the userids agent and group mapping, after all its nor working.tel@fw2(active)> show user user-id-agent stati...

SOC_CSG by L4 Transporter
  • 4441 Views
  • 5 replies
  • 0 Likes

Dynamic Updates Problemes

From this night with last dynamic update of Applications and Threats the detection of private IP's in Geo IP location changed from origin private IP to unknown. Does anyone have the same issue? Since this morning with last dynamic update of Applications and Threats we have massive connection problems and we are clutching at straws.

Resolved! Two Global protect Portals on one gateway - possible?

Folks.I have a need to implement certificate based login for most of our corporate PC's to Global protect - so they pre-login and get domain scripts etc when the remote users logon.However, I also have a number of PC's which aren;t corporate owned (and, as such, I can't push certificates to) which still need to be able to login just using userna...

darren_g by L4 Transporter
  • 9134 Views
  • 7 replies
  • 0 Likes

Resolved! IP Mappings Disappear Too Soon in log

Hi, We have two PA-3020 in HA state, PAN-OS is 5.0.4 and we have configured 4 User-ID Agents (for now, in this troubleshoot stage, we are focused on only one agent).Problem is in IP – user mapping. Sometimes in logs we see user and in very next moment the field for username is blank. The problem is equivalent with section IP Mappings are Created...

Resolved! What happens when a User-ID agent restarts?

I have been using the agentless user-id but it seems to be overloading my firewalls so I am moving to a separate agent. I am trying to decide whether I need one or two though and need to understand what happens when an agent restarts.When it loses the agent, does the firewall drop all its user mappings?When the agent comes back does it drip-fee...

djr by L4 Transporter
  • 6963 Views
  • 6 replies
  • 0 Likes

Web Interface access from Internet

I have PA-200 connected to Internet , but mgmt interface disconnected right now. Do I have to piggyback mgmt to one of remaining Ethernet interfaces in order to get access to web interface from Internet ? Plus port forward rule ?Let me know

niuk by L3 Networker
  • 9975 Views
  • 17 replies
  • 0 Likes

Question On NAT Configuration

Hello All,I have a PA-200 at home, sitting behind a Comcast modem, that hands out a single DHCP address.I also have a Meraki Z1 VPN device associated with work, that I have behind the PA-200. The Meraki requires that the source port not be translated, when attempting to contact the Meraki cloud concentrator. The Defualy Source NAT gives me an e...

Resolved! SSL Decryption - getting spoof cert out to BYOD personal devices

We are in the process of setting up SSL decryption. We have a BYOD wireless network that needs to have SSL decryption turned on. Students can connect with their personal devices, so we need to be able to block Facebook, porn, etc.that are coming in over HTTPS. We've got it working with organization-owned equipment but are having hang-ups with...

dannon by L3 Networker
  • 12820 Views
  • 8 replies
  • 0 Likes
  • 24400 Posts
  • 123 Subscriptions
Top Solution Authors
Labels