General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 423 Views
  • 0 replies
  • 2 Likes

Resolved! OCSP on SSL decrypt with self signed certificate

When enabling OCSP and having a self signed certificate for SSL decryption

(we push the certificate to all our domain clients)

will OCSP check my self signed certificate against the OCSP responder (and fail because it is unknown)?

Or will it only check

...

mr.linus by L4 Transporter
  • 6922 Views
  • 10 replies
  • 0 Likes

Resolved! Problem VPN Split-Tunneling

Hi everybody.

I've got a strange problem related to split tunneling in PAN configuration. The situation is:

- Portal and Gateway configuration in PAN-2050 with PANOS 4.1.7 (same results with 4.1.6 and 4.1.5).

- VPN client Cisco compatible (Windows and L

...

Packet capture of specific Security Rule?

I need to confirm what traffic data (specific DNS Request strings inside the packet) is hitting two specific Security rules, so would like to capture just the traffic that is hitting these rules. Is there any way to do this?

I have run the Packet Capt

...

Netconnect File Extension

When I try to download the latest netconnect install file from the Software Updates web page it downloads without a valid file extension. When I download the file PanVPN-1.3.4 shouldnt it be PanVPN-1.3.4.msi ? I've tried renaming the file...

awdinfra by L0 Member
  • 3160 Views
  • 3 replies
  • 0 Likes

Resolved! Antivirus Compatibility Mismatch

Hi, i just realised that my two PA (active/passive) have an alert of HA Antivirus Compatibility. I have checked the version in Dynamic Updates and its the same in bot devices. CAn you tell me why this mismatch happens???

I attached an screenshot with

...

Nested Active Directory Groups

Can it handle nested Active Directory groups?

Security policy with a group which a user is not direct member of. When user tries connection through firewall then it checks the groups within the group (an so on).

Can it be configured how deep the nestin

...

Anon1 by L4 Transporter
  • 5310 Views
  • 5 replies
  • 0 Likes

Resolved! Mac OSx & UserID

I have a question. Maybe someone has run across this.

I am using the server monitoring function of Palo

I realize that I can use the user-ID agent and set it to never forget the user mapping, but I am looking for a more accurate way of keeping this map

...

JoeU by L1 Bithead
  • 6072 Views
  • 5 replies
  • 0 Likes

Security Policy's and NAT

Hi,

I Have configured a BYOD wireless ssid that is being forced to the internet via a port on our 2050. I am trying to get the network to be able to contact our mail server for exchange on mobile devices and also to have access to our content server r

...

mavant by Not applicable
  • 5404 Views
  • 11 replies
  • 0 Likes

Resolved! 2 isp 2vr asymmetric

Hi,

2VR 2isp,2 seperate default GW (2 ppoe modems)

PC A ---- internet through ISP 1

we want to RDP TO ISP2's public ip and make destination NAT to PC A

How can we make this work ?

New enforce symmetric return did not work .commit fails with ppoe is not su

...

panos by L6 Presenter
  • 3360 Views
  • 5 replies
  • 0 Likes

Destination NAT/PAT clarification

Prior to shooting myself in the foot I want to make sure I'm on the right track.

I have an application where I'd like to take inbound connections directed at a particular port on my untrusted "outside" FW interface and redirect them to the same port o

...

MCmgt by L2 Linker
  • 6343 Views
  • 8 replies
  • 1 Likes

Resolved! Google Mail for Business

Hi all,

Anyone has experience in using SSL decryption with Google Mail for Business? My concerns are the incoming emails will no longer go thru our mail content filtering engine and we don't have adequate tools to prevent data loss in outgoing mails (

...

Resolved! Question regarding ARP timeout

Hi,

I have a question regarding ARP caching and timeout on the Palo Alto platform.

Based on the output of the "show arp all" command, it looks as if the "default timeout" is 1800 seconds.  I am doing some work with failover for a cluster inside my fire

...

dsulli99 by Not applicable
  • 3068 Views
  • 1 replies
  • 0 Likes

Firewall is doing packet captures on it's own

Hi,

I just noticed two traffic log entries that had packet captures attached. I didn't enable this anywhere, and just to make sure, I just went through the whole config (all profiles) to make sure I didn't enable it by accident. Are thre any circumsta

...

Groups that the user belongs to

Hi,

When we want to look at ip address of a user

show user ip-user-mapping ip  ........

Groups that the user belongs to (used in policy) comes empty.

I tried

debug user-id refresh group-mapping all

Also I can see all gorups on group mapping.

panos by L6 Presenter
  • 2268 Views
  • 4 replies
  • 0 Likes
  • 23695 Posts
  • 110 Subscriptions
Top Solution Authors
Labels