General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Apple MAC's and User-ID

We recently implemented a pair of PA-3020 in an Active/Passive cluster.I have been working on USER-ID, but have an issue. There are about 2500 Apple MAC computerson site. They are binded to AD , even if an AD user uses logs in to an Apple MAC there are no MS events in the security logs to forward to the User-ID agent. Most all of the Apple Mac’s...

UA_MC by L1 Bithead
  • 14971 Views
  • 4 replies
  • 1 Likes

XML API: Meaning of cpu load-average / load-maximum values

Hello,first of all I am new to Palo Alto Firewalls and I`m highly impressed about the xml api which comes with palo alto. very cool and useful stuff! It took me just a couple of hours to fulfill some management requirements on reporting. Now I want to go on and create a monitoring script, which checks the cpu-cores for "long-time high-utilizatio...

InetRIT by L1 Bithead
  • 5331 Views
  • 2 replies
  • 0 Likes

PAN-VM HA Link Group Monitoring Issue

Hi,I have a pair of PAN-VM in active/passive mode and configured link group monitoring with four member ports and when I disconnect one of the ports from vSphere the failover happens quickly and marks the node as "non-functional (Link down)" but when I connect back the port the status does not change and failback not happening unless I remove th...

Question on QOS

QOS is something I am looking to start using for a few things but I just had a couple of questions about it.So firstly, I can set a QOS rule and assign a class. I know I can create profiles on the class, but lets just say I use the default classes that are setup. If I create a rule saying that a particular range of IP's going through my internet...

JRussell by L3 Networker
  • 6720 Views
  • 9 replies
  • 0 Likes

Captive Portal; User loosing internet access

Hello,A user is complaining that he is losing internet access randomly through the day. After he refresh the web browser a couple of times or logs off he is able to access the web. The error he gets is a generic IE 10 error, "This page can't be displayed" etc... When I looked at the firewall, Logs -> Traffic, I notice under the "Source User"...

Global Protect + LDAP + Cert Auth = Auth Fail AND Auth Success

Is anyone else running this setup...Global Protect VPN(iPads specifically) using LDAP(Active Directory) AND client certificate for authentication....if you are, have you noticed in the System logs, when a user authenticates to Global Protect the PA logs one or two Auth Fails followed by an Auth Success?Our users are not noticing anything on thei...

jambulo by L4 Transporter
  • 3501 Views
  • 3 replies
  • 0 Likes

Resolved! SMTP long MAIL anomaly Vulnerability(30392)

The description says "This signature detects an anomaly in SMTP protocol. It would trigger when anoverlong mail command argument is passed to MAIL command."Can anyone elaborate on this definition or know where I can access more detailed information about this threat ID?Thanks !!!!!

Resolved! IPSec-ESP No matching record

The last few weeks I have noticed a large amount of traffic on the Network Monitor coming from IPSec-ESP. I moved several VPN tunnels off our old WatchGuard to our Palo Alto PA-3020 around the time this started. When I click on the application itself to filter it I see that it cannot identify anything about the traffic. Is this normal? Shoul...

ClintL by L2 Linker
  • 13398 Views
  • 15 replies
  • 0 Likes

Encrypted Traffic over the Palo Alto

We have site to site VPN (both side PA) in our network, I want to send some encrypted traffic over the tunnel , How the palo alto will decide the encrypted traffic not to be scanned (threats) and filtering rule also not applied for the those traffic. Please suggest.

tiwara by L3 Networker
  • 5935 Views
  • 4 replies
  • 0 Likes

Fan RPM defaults for a 3020

I recently purchased a PA-3020 and just fired it up for the first time. The first thing I have noticed is how loud this device is. It is almost deafening and can be heard in the hallways behind a door in my server room. Is this typical behavior? I check the fan RPM speeds and all four are registering around 14k. I called support but they st...

rayb by Not applicable
  • 3987 Views
  • 2 replies
  • 0 Likes

Dual ISP

My main PA is configured for dual ISP's and I am going to put third party certs for my global protect clients. Do I put two certs on? One for each ISP?

infotech by L4 Transporter
  • 8490 Views
  • 17 replies
  • 0 Likes

Resolved! Help With Custom Datafield or Vulnerability

I have a Snort rule for a specific network activity I wish to either block or alert on. I would like to translate this into a PAN. Would it be best to do a data field or a vulnerability?alert tcp any any -> any any (content:"|6E|"; depth: 1; content:"|36 36 36 58 36 36 36|"; offset: 3; depth: 7; msg: "Beacon C2"; sid: 1000000001; rev:0)

SDorsey by L4 Transporter
  • 3620 Views
  • 5 replies
  • 0 Likes

Use VM-100 With Could Provider - MAC Issues

We are trying to set up a VM-100 as the entry point to a virtual data center. We have run into an issue with the MAC addresses on the VM device not matching the MAC addresses on the Palo interfaces. We appear to be stuck at this point. Apparently it is not possible to change the MAC addresses inside the Palo. We approached the cloud provider abo...

khansen by Not applicable
  • 4106 Views
  • 4 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels