General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Sessions still active on the PA after having disconnected the VPN GP connexion

Hi,I've noticed a particular issue concerning sessions started from a VPN connection.We have a cluster of 2 PA-5020 in actif/passif mode. These are configured as firewalls and VPN gateway with GlobalProtect clients.We have two categories of users who can be differentiated with the corresponding ldap groups when connecting with GlobelProtect.One ...

cnamurdc by L1 Bithead
  • 3570 Views
  • 1 replies
  • 0 Likes

Resolved! Block user but allow captive portal

Hello,I have been asked to block a students account from all web access but then to allow a lecturer to authenticate her connection via the captive portal.I don't know if this can be done.All users are authenticated at login (AD User-ID) and are allowed to browse according the their group/policy.I need the system to be able to block the user but...

breezer by Not applicable
  • 3873 Views
  • 4 replies
  • 0 Likes

Resolved! PA-2050

Hello,I have been using PA-2050 for almost 8months and on my way of lauching Global Protect.My question is: how many simultanously Global Protect users can be on, without us having performance issues for the FW?Thanx in advance./Ron

ron_maiga by Not applicable
  • 2187 Views
  • 1 replies
  • 0 Likes

Is Traffic Pattern / behavior based detection is possible in PaloAlto as in the Cisco,.

Hi All,.Is Traffic Pattern / behavior based detection is possible in PaloAlto as in the Cisco,.In Cisco it works as fallows,.if we have enabled traffic sensor for particular time period it will calculate the percentage of traffic based on protocols as shown belowHTTP - 30% FTP - 20% HTTPS- 50% and this information will be used in fut...

Gururaj by L4 Transporter
  • 2222 Views
  • 1 replies
  • 0 Likes

Resolved! Custom URL category - URL filtering logs displays which category?

Hey all,Suppose I create a Custom URL category called "myCategory", including "*.microsoft.com" and "microsoft.com".Before implementing the changes, I see in the URL logs the following category:business-and-economyAfter creating the category, I still see business-and-economy even after "clear url-cache all".However, when I create a Custom URL ca...

Data plane utilization

Hi,PA 2050 pan OS 5.0.7, data plane utilization show 94- 98 % during day time, is this creates a bottleneck in our network?Thanks

mgeorge by L0 Member
  • 8310 Views
  • 10 replies
  • 0 Likes

Internet browsing is slow through PA 2050 with PAN OS 5.0.4 .

Hi All,Internet browsing is slow through PA 2050 with PAN OS 5.0.4 , below are the some outputs from CLI. Can any one analyze the outputs given below tell me the root cause for slowness?Decryption is not enabled.admin@PA-2050> show session info--------------------------------------------------------------------------------Number of sessions s...

Gururaj by L4 Transporter
  • 4045 Views
  • 3 replies
  • 0 Likes

Resolved! Unable to block port scanning even after enabling "zone protection profile".

Hi All,How to block port scanning?I tried by defining the "zone protection profile" and using it in "zone" with below settings and used "tenable Nessus" tool to perform port scanning and it was successful,. It is not getting blocked,.. please any one can guide me?No thread logs were found, Any further settings required?Regards,Gururaj

Gururaj by L4 Transporter
  • 5126 Views
  • 2 replies
  • 1 Likes

User ID mapping update

Hi,How regularly should the user-id mapping take place in the pan agent.If I log into the > Program Files> Palo Alto Networks > Panagent folder, and review the user_ip_maptext file, it shows the last dated of June, 2013.But this is the month of Sep, 2013.Why does this not show the latest, what do I do to update this so it reflects the l...

rz185016 by Not applicable
  • 4104 Views
  • 4 replies
  • 0 Likes

Resolved! Accessing all company networks with GlobalProtect client

Hi!Basic info:PA-500 (software version 5.0.7)Main location network: 10.10.1.0/24Branch location network: 192.168.1.0/24GlobalProtect client IP pool: 10.10.3.10 - 10.10.3.254We have main location network and branch location network connected thru IPSec VPN. Our PA-500 is located on main location and handles GlobalProtect clients connections. When...

kpv by L1 Bithead
  • 7743 Views
  • 9 replies
  • 0 Likes

Client VPN traffic and routing over IPsec Tunnel

Hi there,Here is our scenario that I am trying to figure out.We have two sites (main office and a rack in a data center) that are connected via PAN-2020's on both sides through a IPsec Tunnel. I am trying to route Client VPN traffic that connects at our main office to go over the site-to-site tunnel to access some web servers there. It seems the...

cmateam by L3 Networker
  • 9682 Views
  • 5 replies
  • 0 Likes

Having trouble with link aggregation using 10G ports

We have a cluster of two PA-5060 running in active-passive mode. Two 10G interfaces are configured as an aggregated interface. They are connected to two Avaya 8600 switches which are running SMLT. Whenever a failover happens, the aggregated interface fails. We have to unplug and re-plug in the cable to make the interface start working again. Sh...

Resolved! Traffic Filter by Address Groups

Is it possible to create a traffic filter using an address group as the src or dst?I have an address group with around 15 IPs in it that I would like to filter on in the traffic logs.

AmyTyler by L2 Linker
  • 3729 Views
  • 2 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels