General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! LDAP authentication not matching user groups

Hi.

I've got LDAP authentication configured to allow users into a Global protect portal. I'm 100% sure it works OK, because I can authenticate against it.

Trouble is, I *can't* get it to authenticate against an Active Directory group. if I add individu

...

darren_g by L4 Transporter
  • 7914 Views
  • 11 replies
  • 0 Likes

Resolved! Using wildcard cert

Being smart we thought it best to use a wildcard cert as we were going to be setting up about a half dozen SSL certs and various domains, that seem to be ever expanding.

One place we wish to use is on our PAN device for VPN access.

but as i go to impor

...

rhawley by L0 Member
  • 2651 Views
  • 1 replies
  • 0 Likes

issue with uturn nat, please help!

Hi All

I have a u turn nat rule and security policy in place that has been working fine to allow internal access to the external url of our exchange owa and now it has stopped working - nothing has changed on the firewalls or on the exchange system th

...

no fpga memory for dfa

Hi all,

I get some warning message as below, is there anybody meeting such messages?

What does it mean?

Nov 08 15:08:57 Warning: pan_fpga_alloc_dfa_partition(pan_fpga_handler.c:909): no fpga memory for dfa, subtype 2 size 180

Nov 08 15:08:57 Warning: pan

...

Blocking Downloads - Real World Examples?

We currently use our PAN in quite a dumb way where most internet access for end users is controlled by a single rule at the top of our rule set which simply allows https/https as outbound services, we don't block/allow specific applications but we do

...

Ipad detection

We've configured the PA500 to accept IPAD connections using IPSEC, but is there a way to detect the fact that an Ipad is connected using HIP rules?  We would like to only allow traffic to certain systems.

Version PA OS = 4.1.4

Clearing URL Continue Timeout

Hello,

   Converting from BlueCoat ProxySG's to PAN URL Filtering... Within a BlueCoat environment when you "coach" a user... you can have the Bluecoat use a cookie to tell when next to "coach" the user.  This can be cleared by deleting cookies...

   C

...

Art by L3 Networker
  • 2444 Views
  • 1 replies
  • 0 Likes

Destination NAT with PBF

Hello all,

I have a question if Destination NAT with PBF is supported.

I have two site A and B. All internet bound traffic is supposed to go out site A. Site B sends its traffic over a VPN tunnel to site A due to a default route. There are however some

...

andrew85 by L0 Member
  • 2426 Views
  • 3 replies
  • 0 Likes

NTop NetFlow

Hi all,

Does anyone have experience feeding NTop via NetFlow from their PA firewalls? I have it setup and sending flows but NTop sees all of the received flows as either "Flows with zero byte count" or "Flows with zero packet count" and discards them.

...

GV27 by L1 Bithead
  • 3990 Views
  • 5 replies
  • 0 Likes

Resolved! APP-ID detection capabilities in IP64 tunnels

Hi,

I placed a PAN device in VWIRE mode on the WAN side of a internet connection.

I planned to test the APP-ID capabilities of detecting IP64 tunnels.

Over this WAN link, a 6-4 tunnel exists with Hurricane tunnel-brooker.

The APP-ID is able to detect

...

wimjuste by L1 Bithead
  • 4872 Views
  • 5 replies
  • 0 Likes

Resolved! Panorama multiple interface

Hello,

I would like to know if it's possible to configure multiple ip interface on the panorama server ?

One interface to administer the server, and another one for communication with the PANs .

Regards,


IPS - set up packet logging

Dears,

I would like to know if there is a possibility to collect some packets before and after the packet that trigged the attack signature

it will be helpful in case of troubleshooting and confirm if this attack is a false positive or real attack( kno

...

  • 23579 Posts
  • 103 Subscriptions
Top Liked Authors
Labels