Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature
...
We have a distributed and homogenous environment. We have the UserID agents running to collect Windows users to IP mapping via the Netbios and DC Sec log polling. This works well, however we are unable to pick up our Linux/Unix users as they use loca
...
Since november we have not received any content updates from updates.paloaltonetworks.com. We changed the rules so every update server (including amazonws.com) was allowed.
Now the updates start, I see a succesful connection to updates.paloaltonetwork
...
I've got an HA A/P pair where the primary is included in a device group and managed via Panorama. The configs are sycnhed and everything is matched; however, the peer has no inherited policy from Panorama. Any ideas?
I'm new to this world and am looking for some advice of where to install the UserID Agent.
I'm thinking one of the most efficient places to put it would be a domain controller.
User identification is very important to us and we want to be able to id a
...
We have an issue with pages sometimes not loading without pressing F5 to refresh them. It seems to be a variety of sites - http mainly but some https. Large downloads will pause or fail. The resources look okay - 5050 with 200Mbps ethernet to inte
...
Hi,
I am in the start of setting up Threat log forwarding to Syslog and/or SNMP-traps.
Do I really have to enter every single rule to enable this logging or is it a smarter way of doing this ??
I really hope that I am not forced to add the same log forw
...
When using custom applications to enforce Google SafeSearch settings, the user is not redirected to a block page if, for example the user tries to access Google and has disabled the SafeSearch feature. In this case, the user isn't redirected to a blo
...
I note that the PA-2050 units I have running 4.1.7 PanOS generate their syslogs as UDP/514. Is there any way to tell the unit to use TCP for syslog messages?
Our SIEM/syslog collector (AlienVault) seems to be missing some of the syslog messages we (
...
Hi All,
"Save the telnet" movement inspired me . I'd like to find out if any one is experiencing same limitations I do:
- " at least 7 bytes" limit in Custom Data Patterns.
- "regex" has very limited capabilities in Custom Data Patterns.
Would adding t
...
I have a network that I want to allow MS product activation to work but web browsing and other internet activity to be denied.
I have two main security policies that apply just to this network although DNS and ntp is also allowed:
The first one is an a
...
Hi guys,
It looks like our PA-2050 is not purging old log files from the database. When we log in to the Web UI we get alarms like this:
According to the documentation this error shouldn't occur. The PA box should automatically purge old log entries wh
...
Our users private devices are on a separate subnet/vlan and a separate PA zone using the Google DNS servers. I have been forcing a captive portal in order to enable user ID for these devices. This has been working fine.
I have set a rule so that the
...
In Panorama, is it possible to assign an admin role to a vsys? I don't see the option on the admin role tab in Panorama. I only see it on the device itself. Please see attached screen shots as a comparison between the Panorama view and the Device vie
...
Was working for a while the the interface decided to go down and I kept getting this warning every time I commit. I have checked both ends and it seems to me that the 10gig interface on the palo side is bad. Both are the same so I do not understand
...
Is there a way to do DNS Re-write or DNS Doctoring in the PAN similar to Cisco's ASA?
PavelK
on:
Clarification which update to use for CVE-2023-38802 (VM-100)
OtakarKlier
on:
How to configure ipsec vpn
