General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Netconnect File Extension

When I try to download the latest netconnect install file from the Software Updates web page it downloads without a valid file extension. When I download the file PanVPN-1.3.4 shouldnt it be PanVPN-1.3.4.msi ? I've tried renaming the file...

awdinfra by L0 Member
  • 3925 Views
  • 3 replies
  • 0 Likes

Resolved! Antivirus Compatibility Mismatch

Hi, i just realised that my two PA (active/passive) have an alert of HA Antivirus Compatibility. I have checked the version in Dynamic Updates and its the same in bot devices. CAn you tell me why this mismatch happens???I attached an screenshot with 2 device and the antivirus version

Facebook is not displaying its page/images properly when SSL Decryption is enabled

Facebook is not displaying its page/images properly when SSL Decryption is enabledany ideas why ?*Note: I have a rule allowing ANY destination with ANY application with ANY service, also another rule i tried was with ANY destination with Explicitly allowing all facebook applications on service ANY, and yet it didn't work.My SSL Forward certifica...

AKamal by L0 Member
  • 9117 Views
  • 7 replies
  • 0 Likes

Nested Active Directory Groups

Can it handle nested Active Directory groups?Security policy with a group which a user is not direct member of. When user tries connection through firewall then it checks the groups within the group (an so on).Can it be configured how deep the nesting is checked?

Anon1 by L4 Transporter
  • 7626 Views
  • 5 replies
  • 0 Likes

Resolved! Mac OSx & UserID

I have a question. Maybe someone has run across this.I am using the server monitoring function of PaloI realize that I can use the user-ID agent and set it to never forget the user mapping, but I am looking for a more accurate way of keeping this mapping.We have mac's that authenticate to a win 2008 domain. Initially I get the user to ip mapping...

Security Policy's and NAT

Hi,I Have configured a BYOD wireless ssid that is being forced to the internet via a port on our 2050. I am trying to get the network to be able to contact our mail server for exchange on mobile devices and also to have access to our content server redirect page. Our internal IP address for the BYOD is in the 172.x.x.x range. I am NATing these i...

mavant by Not applicable
  • 7401 Views
  • 11 replies
  • 0 Likes

Resolved! 2 isp 2vr asymmetric

Hi,2VR 2isp,2 seperate default GW (2 ppoe modems)PC A ---- internet through ISP 1we want to RDP TO ISP2's public ip and make destination NAT to PC AHow can we make this work ?New enforce symmetric return did not work .commit fails with ppoe is not supported error.

Destination NAT/PAT clarification

Prior to shooting myself in the foot I want to make sure I'm on the right track.I have an application where I'd like to take inbound connections directed at a particular port on my untrusted "outside" FW interface and redirect them to the same port on an RFC1918-addressed host on my trusted "inside" interface. That is:OUTfirewall:47808 -> INr...

MCmgt by L2 Linker
  • 8695 Views
  • 8 replies
  • 1 Likes

Resolved! Google Mail for Business

Hi all,Anyone has experience in using SSL decryption with Google Mail for Business? My concerns are the incoming emails will no longer go thru our mail content filtering engine and we don't have adequate tools to prevent data loss in outgoing mails (it's over SSL). This could be partially mitigated by using SSL decryption feature on the firewall...

Resolved! Question regarding ARP timeout

Hi,I have a question regarding ARP caching and timeout on the Palo Alto platform.Based on the output of the "show arp all" command, it looks as if the "default timeout" is 1800 seconds. I am doing some work with failover for a cluster inside my firewall, and I wanted to know if there was persistent ARP caching such that a different MAC address ...

dsulli99 by Not applicable
  • 4608 Views
  • 1 replies
  • 0 Likes

Firewall is doing packet captures on it's own

Hi,I just noticed two traffic log entries that had packet captures attached. I didn't enable this anywhere, and just to make sure, I just went through the whole config (all profiles) to make sure I didn't enable it by accident. Are thre any circumstances in which the firewall would take pcaps on it's own?If not, what keyword should I grep for in...

Groups that the user belongs to

Hi,When we want to look at ip address of a user show user ip-user-mapping ip ........Groups that the user belongs to (used in policy) comes empty.I trieddebug user-id refresh group-mapping allAlso I can see all gorups on group mapping.

TS Agent on Citrix XenApp 6.0 farm

Hello,Our XenApp farm IP range is dynamic and the servers could spin up on any number of IPs within a couple of segments. Does a TS Agent entry for every single possible IP need to be added on the PAN device, or can I configure it to look at a subnet range? My attempts at using subnets have not worked, but single IP entries do work. Thanks!Mikes

MGoodnow by L4 Transporter
  • 5067 Views
  • 3 replies
  • 1 Likes

Resolved! How does SSL inbound decryption work exactly?

I am not looking for a guide on how to configure it, there are plenty. What I want to know is how SSL inbound decryption works from an architectural point of view. In the docs it says that once you loaded the webserver's certificate onto the PAN device and enable inbound decryption, the traffic between client and server remains untouched. How is...

Radius Authentication

Hi,we use Vpn authentication for portal LDAP and for gateway RadiusUsers can connect using their names to portal with typing user and passwordafter that they type another user name and password for Radius.When we look we see the logs of users coming with username as just heir name.so policies are not working because policies are for users with d...

  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels