General Topics

File "Block" page showing when file "Block and Continue" set

I have an issue where I have set a 'Continue' action in a file download profile, but the file Block page is being shown instead.

There is a article on here saying to reset the relevant Response Page setting, but that does not work as the page being sh

...

Block-ip action for blocking brute force ssh doesn't seem to be working

We've been noticing that we are getting quite a bit of brute force ssh attempts on our system, so we decided tonight to put in a rule that blocks those attempts. I took one of our existing policies that just logs everything, and added an exception th

...

PA200 with DSL (Dynamic DHCP Client) causing slow web browsing and "incomplete" application in traffic monitor

Ever since I put my PA200 inline at my house, my internet has been running really slow.

In troubleshooting, I learned about the "More Runtime Stats" link in the virtual router. I needed this info to determine what traffic should be considered "intere

...

Running a custom report from the command line

Hi,

Is it possible to run a previously defined custom report from the command line?

br

mario;

Resolved! there is a way to log with alert when using a cat in TAB "Url Category"?

Hi,

All my URL profil is config with ALERT instead of allow. So i log any URL block or accept.

But the problem is im not able to ALERT if i unblock or block a category under policies TAB name "URL Category".

I have no choice, my rules are set in this w

...

Resolved! How do I block all URL traffic but a select few?

This question has been asked in a couple of different ways without a definitive answer that I can find.

My challenge is that we have an external engagement space where designers (internal and external) collaborate on projects. Users thin client into t

...

Resolved! Display 'Last logged in' info on user's logon screen

Hi,

Is it possible to display the timestamp of the last login on the logon screen (both in captive portal and at the globalconnect remote client)?

I think this is a nice assurance for the user to actually check that noone has used his account since his

...

HA Primary

Why is it when I have a HA pair with an identical link failure on both devices (same monitors configured), the device with the higher 'device priority' value (least preferred) becomes the Primary device?

When a pair of devices has the same failure the

...

Palo Alto start up queries

Hi everyone,

Just have some queries on Palo Alto firewalls posting some questions. Help on these is much appreciated.

what does the following command do

> show neighbour all

Does this function like Cisco discovery protocol to identify the peer CISC

...

Resolved! Syslog - What IP is Sourced in Syslog?

PA500 and syslog? What IP (or interface) is sourced from the PA to a syslog server? Is it a management interface? If you have multiple assigned management interfaces, which one?

Thanks.

Resolved! SSO Requirements

As with most things GlobalProtect I am having issues with a customer and am finding it difficult to find out why.

I guess the first question is do you need to use client certificates in order to use SSO with global protect?

The issue the customer has i

...

Resolved! unauthenticated users

Is there a simple way to prevent unauthenticated users from accessing the internet from the inside?

It is my understanding that you cannot negate AD Groups? True?

I was hoping to create a policy like this that would deny any unauthenticated users from

...

Does anyone know "flow_fwd_zonechange" and "Packet routed to different zone"???

Hello All.

I use PA-5050 , PANOS-4.0.9 , 10G Interfaces

DMZ zone has FTP Server. It work for file download service to Internet.

FTP data traffics are very slow (about 50KByte/s).

But the device is working "commit" that FTP data traffics are fast(about 10

...

Resolved! User-ID functionality for 5.0+

I am playing around with a new PA200 we recently purchased. I am interested in learning more about he new User-ID functionality that is built into firmware version 5.0+. Is there any documentation, white papers, etc. that I could use to try and get t

...

AD Tools and Lync do not work over our SSL-VPN

I connect to the VPN (NetConnect). I get all my ipconfig correctly. I can ping anywhere in the network.

If I bring up an MMC I can add an RDP snap-in and RDP to machines.

However, the AD, DNS, DHCP snap-ins cannot connect to our servers.

Checked the fir

...

Discussions