General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4125 Views
  • 0 replies
  • 0 Likes

Failed to execute op command

We frequently face an error for fetching the group-mapping in the user-id tab. The error is normally shown up as failed to execute op command. One of the reasons can be invalid credentials in the ldap configuration. Troubleshoot this error with Tail follow yes mp-log userid-log 2014-05-04 14:31:21.052 +0400 connecting to ldap://[192.168.0.199]:389 ....

Westcon2 by L3 Networker
  • 7765 Views
  • 5 replies
  • 0 Likes

Turn off Application ID globally?

Can one turn off the application awareness globally to set up a PAN as a L4 firewall? Trying to get some comparison stats against the old L4 only (non PAN) firewall and the new PAN. Thanks.

blarney by Not applicable
  • 4863 Views
  • 6 replies
  • 0 Likes

PAN Dual ISP Failover Best Practices

I have setup dozens of PANs with multiple ISPs and failover but have some questions in regards to best practices. 1. Is PBF the only way to handle failover? If not, can the same be achieved via HA Link/path monitoring or is that specifically for device/firewall failover? 2. This is mostly in regards to what is processed first in the firewall. If...

SDorsey by L4 Transporter
  • 8578 Views
  • 11 replies
  • 0 Likes

Unknown File Types

Hi all, we like to block or be alerted when the file types .edrw and .easm (eDrawing) are passing the PA. Currently nothing is shown in the Monitoring Data Filtering. Any idea how to get PAN to update file types in security profiles? Can I somehow report it to PAN?

Hithead by L4 Transporter
  • 4948 Views
  • 5 replies
  • 0 Likes

NAT Performance Issue

Hi All, I recently migrated a client from a Fortinet firewall to a PANW. Most of the Virtual IPs from the Fortinet were migrated as bidirectional Source NATs. One specific server had issues where outside traffic would intermittently not be able to connect with the server. I troubleshot the issue and couldn't find anything wrong with the NAT or a...

Resolved! USER ID Issues

Hi All, My name is Paul Mathew and I am working as a Network Engineer at American School of Dubai, in UAE. Our environment is 99% MAC and IOS devices, and some of you were aware of Mobile Account concept in MAC. Let me explain briefly about it. Mobile account means when we login to a MAC machine as network user we create the mobile account so tha...

ajay by Not applicable
  • 10624 Views
  • 10 replies
  • 2 Likes

FILE BLOCKING NOT INSPECTING ZIP CONTENT

Hello everyone, I'm trying to block download of CPL files (PE) using a file blocking profile. We are trying to create it in a way which assures that even zipped CPL Files will be blocked. We created the profile but it did not work on HTTPS sites, just on HTTP sites. We were wondering if it's necessary to create some kind of Decryption Policy or so...

Resolved! GlobalProtect and OS X 10.10 (Yosemite)

Hello, some of my colleagues are testing OS X 10.10 and the global protect client does not work. I read that Apple changed something with their signatures and when I take a look into the info.plist of the GlobalProtect Client it looks like this software is built with 10.6 # less /Applications/GlobalProtect.app/Contents/Info.plist .... <key>DTS...

Same QoS Profile Applied to Multiple Interfaces?

I have a single QoS profile applied to a pair of internal interfaces as seen in the screenshot below: In this case, will the two internal interfaces have a single shared maximum egress number or will the full maximum egress apply to each interface separately? In other words, are the QoS limits per interface or per profile? Thanks!

Resolved! Some advice

Hi there, I am trying to deploy a network that is connected directly to my PA box over a wifi connector and I am hitting some stumbling blocks. I wondered if someone might be able to offer any advice. The scenario is this. I have an office that is connected to my office via a wifi transmitter. These wifi use the 172.16.5.x range. There is to be a f...

JRussell by L3 Networker
  • 4220 Views
  • 5 replies
  • 0 Likes

PAN-OS 5.0.6 SNMP

server:~ leo$ snmpget -M /usr/share/snmp/mibs -m ALL -Pu -v3 -a SHA -A xxxxxxx -l authPriv -u nagios -x AES -X xxxxxxx 10.48.1.10 `snmptranslate -On PAN-COMMON-MIB::panSessionMax`
PAN-COMMON-MIB::panSessionMax = No Such Instance currently exists at this OID
server:~ leo$ snmptranslate -On PAN-COMMON-MIB::panSessionMax
.1.3.6.1.4.1.25461.2.1.2.3.2
Do...

Teamviewer application not allowed by policy

I'm encountering a strange situation where teamviewer is not allowed by the policy in which it is defined but is instead blocked by my clean up rule. I have all the dependencies matched but for some reason the firewall does not match on the rule where teamviewer is configured but only matches on the deny all clean up rule. There are no other logs...

tajman by L1 Bithead
  • 7118 Views
  • 4 replies
  • 0 Likes

VPN - PA to PA - need internet traffic to go through additional device one hop inside PA

Remote site has a PA-200. HQ has a PA-2020. I have the VPN setup between the two so that they are connected to each other. I need the internet traffic from the remote site to pass through our content filter that is connected to the PA-2020 at the HQ. The content filter is not seen by any devices, it is transparent to all devices. Traffic...
