General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Streaming video server disconnecting every 30 seconds

Hi folks.I'm tearing my hair out with this one, so I'm hoping that someone can point me in the right direction.We have an installation of the Unreal Streaming Media server running in our DMZ off our Palo Alto firewall. This server is used as a central access point for both receiving and distributing streamed audio and video for business purposes...

darren_g by L4 Transporter
  • 19239 Views
  • 21 replies
  • 0 Likes

Resolved! is qos marking in security policies automatically applied bidirectionaly?

e.g If there is a security policy applied from just "untrust to trust" permitting Citrix traffic and giving it DSCP marking of AF4x .. will the return traffic from the connection that is flowing back from "trust to untrust" have the same AF4x DSCP marking automatically applied when it exits the untrust interface? or does that require another ex...

CMG by L2 Linker
  • 2967 Views
  • 1 replies
  • 0 Likes

Resolved! Asking about upgrade PANOS from 4.1 to 5.0.4 !!

I have Project with PAN 5020. After deploing Appliance to Customer site, they need me to make a test call UAT ( User Acceptance Test ) using Palo Alto.But when i working with UAT, i need using PANOS 5.0.4 , but the PANOS included in Appliance with PAN 5020 is 4.1 I have download 5.0.0 and 5.0.4, but i still can't update PANOS. The device alert...

MinhTuan by L0 Member
  • 2461 Views
  • 1 replies
  • 0 Likes

Resolved! PANOS 5.0

PAN seems tho have quietly released PAOS 5.0 a few days ago. Some nice new features in the release notes, but nothing beats real world feedback.5.If you are already running it, what enhancements do you value most ? What issues do you experience ?

dieter_b by L4 Transporter
  • 7152 Views
  • 8 replies
  • 0 Likes

Resolved! configuration help-vwire subinterfaces with different policies per vlans

Hi all,Its my first post here so I hope someone can answer my question regarding vwire subinterfaces.As I was looking through the older topics the thing I want to achieve is similar to this.https://live.paloaltonetworks.com/message/9679#9679however I want to use vwire subinterfaces instead of L2.According to course material it can be done.Basicl...

pkonitz by L2 Linker
  • 9011 Views
  • 4 replies
  • 1 Likes

Resolved! PA 5000 series grounding?

The PA 5000 series hardware reference guide does not show anything about the grounding lug that is present on the PA-5020 AC power firewalls. Is the grounding information the same as the PA-3000 series? 14 AWG, certified Lug crimpted, using a size #8-32 nut and star washer (supplied), torqued to 15 in.-lbs (not overtightened)?

ddaniels by Not applicable
  • 4615 Views
  • 4 replies
  • 0 Likes

Resolved! x-forwarded-for header parsing.

With the command "set system setting ctd x-forwarded-for yes" the x-forwarded-for header is parsed to populate the source.user field in the logs.However, which exact header is actually being parsed with this command?Is it "x-forwarded-for" ? ( according to the CLI guide)Or is it "x-fwd-for" ? (according to the KB article)or both ?Can it be chan...

Adding Threat Exceptions

Hi, I wonder if somebody can help me with a query?I am running a 2050 as my firewall (I am new to looking after Palo Altos!). I have colleagues building workstations at another site coming across a VPN to access resources at my site. The router and links are working fine. One particular application is not getting through and is being blocked...

phild by Not applicable
  • 6170 Views
  • 4 replies
  • 0 Likes

OID of the CPU and memory of PA-2050

Hi All,I have an OP manager (network monitoring tool). I want to integrate it with Palo Alto. Does anyone have the OID for the CPU and OID for the memory of PA-2050? Regards,Eugene

TSPI by L1 Bithead
  • 3095 Views
  • 3 replies
  • 0 Likes

Restrict VPN access to AD group

Hi,I want to give a VPN ipsec access to a group of users.In GlobalProtect Portal | Client Configuration, I set the AD group in Source User.My problem : all the users in the AD OU have access to the VPN despite they're not in the group.I must have missed something ...Someone already had this issue ?Thanx.

g_sipp by Not applicable
  • 15094 Views
  • 18 replies
  • 0 Likes

Resolved! block youtube highdef videos?

Anybody know if there is a HTTP header / URL or custom application signature which can be created to prevent users from playing back higdef youtube videos? e.g limiting them to only standard definition.Cheers,

CMG by L2 Linker
  • 3162 Views
  • 1 replies
  • 0 Likes

Blocking YouTube but still showing the video player

We do not want to allow access to YouTube, however if I just block streaming-media in the URL filter, any page that has embedded YouTube videos get a block message confusing users. They are thinking that the page is blocked not realizing it is YouTube. Is there an easy way to block the YouTube player from working on embedded videos? This woul...

nthen by L3 Networker
  • 2897 Views
  • 2 replies
  • 0 Likes

Captive Portal for more than one security zone

HiFew months ago I sucessfully configured CaptivePortal (in redirect mode) with SSL certyficate from StartSSL for one of my local network connected to PA200.Now I need to do the same for another local network, but on PAN I can only make one CP configuration, with one SSL cert.I have SSL cert for host cp1.mydomain.com. This dns entry pointing to ...

_slv_ by L4 Transporter
  • 8181 Views
  • 10 replies
  • 0 Likes

Resolved! Routing question - MPLS between two sites, with one of those connections being a failover ISP

Hello,I've got a scenario in which I'm not sure how to proceed.We have two sites, both sites just got new circuits.In Site A, we have two new circuits (ISP #1 and ISP #2). I've set up in my PA-500 Policy Based Forwarding to have ISP #1 as the primary internet connection, and if that drops, it will failover to ISP #2. We've tested this and it w...

uscit by Not applicable
  • 10577 Views
  • 9 replies
  • 0 Likes
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels