General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

What do 'SML VM Checks' and 'Detector Threats' do?

HelloWhat do 'SML VM Checks' and 'Detector Threats' do in software pool?These value was 1 when delayed to connect Web-Server.Connection is normal when these value was high.What do theses do? and what something do these influence FW?Thanks

Resolved! Unblock an ip after the block-ip action

Is there a way other than waiting for the timeout to expire to remove an ip from the list of blocked ip's once it is blocked by a rule with an action of block-ip? I hope that makes sense .Thanks,Jim

jmayne by Not applicable
  • 6777 Views
  • 4 replies
  • 0 Likes

Report for CPU, Throughput, or Session

Hi,PA can create report for Traffic, Threats, URL... very well.However, I don't see any way to create report for CPU, Throughput, or Session in long time (about one week, or one month, whatever time),Please let me know, can PA do that?Note: Do not using SNMP.Thanks a lot.ThongPD.

ThongPD by L1 Bithead
  • 4271 Views
  • 3 replies
  • 0 Likes

Active FTP Timeout Issue

Working with Active FTP, we are having problems with transferring files larger than 1.5GB because the control channel hits the idle session timeout for FTP (set at 1800 seconds). Temporarily we have increased the timeout to 5400 seconds as a workaround but we are looking for an option to be able to tie the control channel lifetime to the data c...

"Could not set the session location" messages in Panorama

Hello,When I working over Panorama, I have a continuos messages, If I try to see security rules or traffic logs or change with and other device, It presents this message "Could no set the session location" any idea?Note Panorama version: 4.1.6 over VWware ESXi Best Regards

mchavez by L0 Member
  • 3300 Views
  • 3 replies
  • 0 Likes

Resolved! Question on Admin roles and what they see

We have an intern who we have given admin rights to our Palo Alto boxes and Panorama. I created a custom Intern role for him that just gave him access to the logs and reports and things but then read only to everything else. What is happening is when he gets on the actual PA5050 box and goes to monitor or ACC where it shows an IP address it actu...

JeffTQT by L2 Linker
  • 3958 Views
  • 3 replies
  • 0 Likes

Resolved! Configuring s to s VPN between three devices.

Hi All,..We have two clients who have same ip subnets for VPN users ( ex. 192.168.29.0/24). Is it possible to configure PaloAlto to support both VPNs for different source users. VPN1: Source- 10.66.249.0/24 Destination- 192.168.29.0/24 Peer IP- X.X.X.X VPN2: Source...

Gururaj by L4 Transporter
  • 3256 Views
  • 4 replies
  • 0 Likes

Resolved! GotoMeeting with Outbound SSL decryption

Hi all,I'm testing out the SSL forward proxy feature of the PAN and the only issue I have is that gotomeeting doesn't work.I configured it with the guide from the website here and made the two rules one which says don't inspect banking/medical etc. followed by the decrypt all rule. I cant figure out how to tell the PAN to not try and decrypt th...

Resolved! about agentless user-id in panos-5.0

HelloI have a questions about agentless user-id in panos-5.0.I know that cache time of user-ip mapping information is 45 minutes(default) on agent and cache time is 1 hour(default) on FW in PANOS-4.1.Are these time values same in PANOS-5.0?If it is right,Do user ip mapping in MP run instead of agent role in PANOS-4.1? Are MP cache times 45minute...

Could enabling Wildfire possibly cause TCP Transmission errors?

Having Intermittent failures when downloading files on 4.1.11 with Wildfire enabled. I am seeing the following errors in the packet capture, [TCP Previous segment lost] [TCP segment of a reassembled PDU], [TCP Out-of-order] [TCP segment of a reassembled PDU], [TCP Dup ACK 170#1]. When downloading files on a different PAN, with 4.1.7, no wildfi...

tstores by Not applicable
  • 4644 Views
  • 3 replies
  • 0 Likes

HA A/A.. tunnels connecting through fixed IP and not floating IP

Greetings,We have our first tunnel up and running, but it’s connecting on the fixed IP address, not the floating IP. This eliminates the failover capability.Could this be a simple configuration parameter, or a bug?How can I fix this. I havent worked much on A/A so I am not sure how it works

rkamat by Not applicable
  • 2174 Views
  • 1 replies
  • 0 Likes

User usage report enhancements

Based on what I am seeing, there does not seem to be a way where I can limit what users can be reported against. For example, I have a help desk manager that needs to only see his staff. Right now, based on the way the firewall functions, he can see what the president of the company is doing online. Per our company policy, all URLs must be lo...

nthen by L3 Networker
  • 3421 Views
  • 3 replies
  • 0 Likes

4.1.13 stable?

I have been running 4.1.12 for some time. For me, this has been a stable release. 4.1.13 has been out since 5/30/2013. I do not see any discussion on 4.1.13 in the forums. Are people generally pleased with 4.1.13? I'm considering upgrading my HA pair of 2050's to 4.1.13.Thank you.

EdwinD by L3 Networker
  • 3973 Views
  • 5 replies
  • 0 Likes
  • 24395 Posts
  • 123 Subscriptions
Top Solution Authors
Labels