This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! Question regarding ARP timeout

Hi,I have a question regarding ARP caching and timeout on the Palo Alto platform.Based on the output of the "show arp all" command, it looks as if the "default timeout" is 1800 seconds. I am doing some work with failover for a cluster inside my firewall, and I wanted to know if there was persistent ARP caching such that a different MAC address ...

dsulli99 by Not applicable
  • 4418 Views
  • 1 replies
  • 0 Likes

Firewall is doing packet captures on it's own

Hi,I just noticed two traffic log entries that had packet captures attached. I didn't enable this anywhere, and just to make sure, I just went through the whole config (all profiles) to make sure I didn't enable it by accident. Are thre any circumstances in which the firewall would take pcaps on it's own?If not, what keyword should I grep for in...

Groups that the user belongs to

Hi,When we want to look at ip address of a user show user ip-user-mapping ip ........Groups that the user belongs to (used in policy) comes empty.I trieddebug user-id refresh group-mapping allAlso I can see all gorups on group mapping.

TS Agent on Citrix XenApp 6.0 farm

Hello,Our XenApp farm IP range is dynamic and the servers could spin up on any number of IPs within a couple of segments. Does a TS Agent entry for every single possible IP need to be added on the PAN device, or can I configure it to look at a subnet range? My attempts at using subnets have not worked, but single IP entries do work. Thanks!Mikes

MGoodnow by L4 Transporter
  • 5017 Views
  • 3 replies
  • 1 Likes

Resolved! How does SSL inbound decryption work exactly?

I am not looking for a guide on how to configure it, there are plenty. What I want to know is how SSL inbound decryption works from an architectural point of view. In the docs it says that once you loaded the webserver's certificate onto the PAN device and enable inbound decryption, the traffic between client and server remains untouched. How is...

Radius Authentication

Hi,we use Vpn authentication for portal LDAP and for gateway RadiusUsers can connect using their names to portal with typing user and passwordafter that they type another user name and password for Radius.When we look we see the logs of users coming with username as just heir name.so policies are not working because policies are for users with d...

Resolved! Excel XLSX recognized as ZIP file

Hello,I configured a File Blocking profile to block specific file format (like Exe, PE, RAR, etc).Unfortunately, this profile also blocks Excel file in new format (.XLSX).No problem, with the old format (.XLS) !!After reading some doc, it seems that .XLSX is a compressed archive with a directory structure of XML text documents.How can I block ZI...

licenselu by L4 Transporter
  • 7964 Views
  • 2 replies
  • 1 Likes

Resolved! Not Receiving Scheduled Reports

Kind stumped on this one. I have some scheduled reports I'm not receiving. I was getting them on a daily basis as configured in the email scheduler but they just stopped one day and no changes to the firewall were made. I've created a report group, an email scheduler, and email server profiles. Under the email scheduler, I've sent myself a test ...

Palo Alto as a route reflector

Hi,I have a couple of PA-500 clusters and I want to use them as route reflectors for my internal BGP network. There doesn't seem to be anything in the documentation on how to do this but the documentation suggests the Palo will do it, I was wondering if anyone here had got it working? So far I've configured the cluster ID and set the peer device...

Gareth by L1 Bithead
  • 4959 Views
  • 5 replies
  • 0 Likes

Resolved! Some has a problem blocking Youtube Application?

I recently had problems with blocking youtube, I added a policy where I deny the application access to youtube. When I go to the YouTube page and I try to watch a video, the first time if it hangs correctly, but if I try more times with other videos, the application is no longer blocked and can see the videos on youtube.In the monitor tab, I see...

Resolved! DNS proxy policy

when you create a dns Proxy policy you declare only the ingress interfaceor egress interface ?

Gregoux by L4 Transporter
  • 3594 Views
  • 3 replies
  • 0 Likes

Resolved! group member attribute

when you create a ldap profile by default the group member attribute is defined to member my question is member for palo does mean "memberOf" for Ldap group attribute.and in this way each autentication request is answer with all users nested groups

Gregoux by L4 Transporter
  • 4825 Views
  • 4 replies
  • 0 Likes

https coaching page - Connexion reset depend of browser

Hi all,Configure a continue action on certain url category. If request in made in http no issue. If request is made in https, depend of your browser, I have - Chrome V27.0.1453.110 m => erroe page with connexion reset - FireFox V21 => erroe page with connexion reset - IE V9 => coaching page with no problem, able to click on continu butt...

VinceM by L5 Sessionator
  • 3856 Views
  • 5 replies
  • 0 Likes

client cert invalid message when connecting global protect with client cert

HelloI had tested to connect global protect with client cert successful in my lab.(PANOS-5.0.x)I am installing global protect on my custom device.(PANOS-5.0.x)But I don't connect with 'client cert invalid' message.I had installed the following in my lab at old days.1. self generated certificate.2. subject > common-name. profile name is 'test'...

IPsec X-Auth with RSA On-Demand Tokens

Hi, I have PAN working with RSA On-Demand tokencodes (these are SMS-based tokens) when using GlobalProtect and the management UI but cannot get it to work with IPsec X-Auth. RSA On-Demand tokens work like this:1) User enters their username and PIN to log in2) Firewall sends RADIUS Authentication message to RSA server which, if the PIN is valid, ...

  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks