General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

How can I only allow specific source address to insert XML-API request

Hi, all,As title, everybody can ask PA and insert the URI to do what they want PA to do if people have the plaintext key and correct URI request.I want to limit the request to only permitted source address, but I cannot find any app-id about it, how can I do?Thanks,Sample Wu

Resolved! Cannot log in after 5.0.5 upgrade

After upgrading from PAN-OS 5.0.4 to 5.0.5 and rebooting the primary 3020 of an HA pair, the logins we normally use tied to our Active Directory accounts are not working; they are giving us Invalid Logon messages. These Invalid Logon messages occur in both the GUI and CLI. I found an article mentioning the default login, at one point, was admi...

Resolved! Virtual IP

HiWe have a scenario wherein we should create a virtual private IP in Palo Alto and that virtual IP will connect to a public IP. For example:PA LAN IP: 192.168.1.1PA PUBLIC IP: 9.9.9.9Firewall Virtual IP: 192.168.1.254Public IP: 1.2.3.4Users will connect to 192.168.1.254 for ftp and 192.168.1.254 will connect to 1.2.3.4, which is a ftp server ho...

Resolved! Skype-probe rule catching other traffic

I have implemented the suggested Skype-Probe allow rule in order to block Skype. I have noticed that this rule will also catch traffic that is of the Application type Incomple and Insufficient-data. Just currious as to why it is ending up in this rule when the only application for the rule is skype-probe. A lot of times these non-skype-probe ...

Resolved! iPad App fails to connect

I have the global protect license and an active global protect subscription. Windows Laptops, Mac Laptops, and Android devices (using the app) can connect and access network resources. However I try with the iPad and it fails immediately. I get "Cannot connect to Global Protect. There appears to be a problem with your Internet connection or ...

Unable to get exchange logs

Hi,I have a PA500 on PANOS 4.1.9I'm doing some testing with Exchange, managing to get logs to identify iphones, ipads and android devices without a Captive Portal.Installed USER-ID agent version 5.0.2-2 on a DC, done auto discovery, removed all DCs and left only Exchange Server. It shows up as "connected".After that, i've tried syncing mails via...

Resolved! Captive Portal Behavior

We have configured the captive portal for category 'Adult and Pornography' . Our question is, will the captive portal start every time or only when you are an unknown user? If the user is known (using Active Directory), is the user still being prompted with the 'User Identification Portal' Continue page?Thank You!

What do 'SML VM Checks' and 'Detector Threats' do?

HelloWhat do 'SML VM Checks' and 'Detector Threats' do in software pool?These value was 1 when delayed to connect Web-Server.Connection is normal when these value was high.What do theses do? and what something do these influence FW?Thanks

Resolved! Unblock an ip after the block-ip action

Is there a way other than waiting for the timeout to expire to remove an ip from the list of blocked ip's once it is blocked by a rule with an action of block-ip? I hope that makes sense .Thanks,Jim

Report for CPU, Throughput, or Session

Hi,PA can create report for Traffic, Threats, URL... very well.However, I don't see any way to create report for CPU, Throughput, or Session in long time (about one week, or one month, whatever time),Please let me know, can PA do that?Note: Do not using SNMP.Thanks a lot.ThongPD.

Active FTP Timeout Issue

Working with Active FTP, we are having problems with transferring files larger than 1.5GB because the control channel hits the idle session timeout for FTP (set at 1800 seconds). Temporarily we have increased the timeout to 5400 seconds as a workaround but we are looking for an option to be able to tie the control channel lifetime to the data c...

"Could not set the session location" messages in Panorama

Hello,When I working over Panorama, I have a continuos messages, If I try to see security rules or traffic logs or change with and other device, It presents this message "Could no set the session location" any idea?Note Panorama version: 4.1.6 over VWware ESXi Best Regards

Resolved! Question on Admin roles and what they see

We have an intern who we have given admin rights to our Palo Alto boxes and Panorama. I created a custom Intern role for him that just gave him access to the logs and reports and things but then read only to everything else. What is happening is when he gets on the actual PA5050 box and goes to monitor or ACC where it shows an IP address it actu...

Is it possible to assign ip address to tunnel interface while using for s to s vpn?

Hi All,.Is it possible to assign ip address to tunnel interface while using for s to s vpn? if yes,.. what ip needs to be used? I am trying to do PBF to tunnel interface for which we need IP address assigned to tunnel interface.Regards,Gururaj

Resolved! Configuring s to s VPN between three devices.

Hi All,..We have two clients who have same ip subnets for VPN users ( ex. 192.168.29.0/24). Is it possible to configure PaloAlto to support both VPNs for different source users. VPN1: Source- 10.66.249.0/24 Destination- 192.168.29.0/24 Peer IP- X.X.X.X VPN2: Source...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

How can I only allow specific source address to insert XML-API request