General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

User ID methods?

I am curious how many folks are now using the ID agent that is built into the PA as opposed to the agent that is installed in a windows client?

I tried migrating to the built in agent but it seemed to cause excessive CPU usage on my DCs.

Thanks,

Bob

BobW by L4 Transporter
  • 2042 Views
  • 2 replies
  • 1 Likes

DHCP Relay and virtual routers

Hi,

I have a PA500 configured with 2 virtual routers

In both virtual routers I have some zone, interfaces and networks.

For example:

VR1

- Zone1: Network Ethernet1/1.1 - Interface Type Layer3 - Tag 1 - IP 10.168.100.1 / 16

- Zone2: Network Ethernet1/1.2 -

...

diennea by L3 Networker
  • 5418 Views
  • 9 replies
  • 0 Likes

Custom App ID - Derived from usernames/http params

I am working with a client in an interesting situation..

We are basically needing to limit sections of the network where certain users and login to a web server. For example, only admins can login from zone1 and only users can login from zone2. The ap

...

SDorsey by L4 Transporter
  • 1857 Views
  • 2 replies
  • 0 Likes

Dynamic update internal firewall

Hi all,

We have an internal firewall that does not have no Internet access. I wonder what is the best way and best practice in updating the IPS / AV signature (no URL filtering).

Any recommendation?

Thanks

Remote Client VPN Configuration Options

Is it possible to configure remote vpn client access without a Global Protect Gateway license? It seems that remote client vpn configuration depends on HIP Objects/ Profiles, which in-turn requires Global Protect licensing. Is there a way to configur

...

phoberg by L0 Member
  • 3605 Views
  • 4 replies
  • 0 Likes

Setting up second gateway: Gives Cert CN error

Hello all,

I have a (working) Global Protect Portal+Gateway envrionment. I am now trying to setup a gateway in a second datacenter. I have setup the same GP-cert and Client-Cert, cert_Profile and GP Gateway settings. The gateway works, when setting a

...

bsanders by L2 Linker
  • 3076 Views
  • 2 replies
  • 0 Likes

How to custom a DNS query and block it ?

There has Dynamic Block Lists to block unwanted IPs.

And there has DNS signature in Anti Spyware profile.

Above are all helpful to block malicious sites.

And if I found a bad dns query, is there any way to create custom dns block lists?

Yscheng by L0 Member
  • 1595 Views
  • 1 replies
  • 0 Likes

Resolved! Scheduled Backups from Panorama to [location]

(Think I know the answer to this already but...)

Panorama 4.1.14

We have a NAS that I would like to push automated exports to from Panorama. I would like to ftp export to a specific path (we don't use user Home paths) but can't seem to do it. Only the

...

nickcx1 by Not applicable
  • 3217 Views
  • 3 replies
  • 0 Likes

Resolved! Possible issues with Application update version 396

We are seeing issues with Google ssl traffic being identified as Ultrasurf.  Problem went away when we backed out the update (which included updates to the ultrasurf application definition).  Ticket is into Support.  May want to avoid updating to 396

...

HITSSEC by L4 Transporter
  • 7831 Views
  • 17 replies
  • 0 Likes

PanGP- Connection verification

Hey guys,

Anyone has had this issue with GP?

The PanGP virtual NIC is making a "connection verification" for "ages" and nothing happens.

I have made a workaround to solve this problem but would like to know what is the reason for it.

Of 100 clients, I ha

...

ron_maiga by Not applicable
  • 3209 Views
  • 5 replies
  • 0 Likes
  • 23590 Posts
  • 103 Subscriptions
Top Solution Authors
Top Liked Authors
Labels