General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! User-ID functionality for 5.0+

I am playing around with a new PA200 we recently purchased. I am interested in learning more about he new User-ID functionality that is built into firmware version 5.0+. Is there any documentation, white papers, etc. that I could use to try and get t

...

AD Tools and Lync do not work over our SSL-VPN

I connect to the VPN (NetConnect). I get all my ipconfig correctly. I can ping anywhere in the network.

If I bring up an MMC I can add an RDP snap-in and RDP to machines.

However, the AD, DNS, DHCP snap-ins cannot connect to our servers.

Checked the fir

...

Resolved! Apple or Mac viruii scanning

Group

I have a student in one of my classes who asked what scanning techniques do we have, surrounding the AV security profiles that we apply.

Apple File Protocol is not one of the 6 precanned decoders that we apply in our AV scanner.

How does/would Pal

...

scantwell by L4 Transporter
  • 1862 Views
  • 1 replies
  • 0 Likes

Resolved! HOW to disable DHCP Lease start in system log

Hello,

DHCP server is enabled on PA for some customers.

It works fine BUT it creates a lot of entry in the sytem logs.

( receive_time leq '2013/02/06 11:49:27' ) and ( subtype eq dhcp ) and ( severity eq informational ) and ( eventid eq lease-start ) an

...

licenselu by L4 Transporter
  • 2712 Views
  • 3 replies
  • 0 Likes

Resolved! Global Protect Setup

I have attached pictures of my current Global Protect setup. Now we have had a request to allow IPAD's, and Android tablets on to the VPN. Can I have multiple profiles? One for our Domain laptops and one for tablets? I see from the documentation that

...

Resolved! Selective cut-paste of the config

Hi,

I have to deploy 9 PA boxes. I would like to create all objects on one box and copy that section to all the boxes. How do I achieve that? The config seems to be in XML format and section cut-paste is not working on command line. So far only way I

...

smunzani by Not applicable
  • 4841 Views
  • 5 replies
  • 0 Likes

Number of supported Global Protect clients per box ?

In all the specifications sheets there is a different number listed for the concurrent SSLVPN and IPSECVPN supported clients.

eg. on a 5020

  • 2,000 IPSec VPN tunnels/tunnel interfaces
  • 5,000 SSL VPN Users

I find these number very confusing :

Globalprotect

...

Resolved! Threat Prevention Throughput

Hi,

Just want to know if there is a way to see how much threat prevention throughput is consuming? The command I use to check for the current throughput is show systems statistics sessions but I believe this is for the firewall throughput. Please corr

...

Blocking jar and class files. What about *.pack.gz?

To mitigate the threat of the non stop java exploits Ive started to block jar file and class files. Now in the data filter logs i spot *.jar.pack.gz files. Im wondering about a few things

  1. Is blocking jar and class files a good mitigation against brows
...

choff123 by L3 Networker
  • 3173 Views
  • 3 replies
  • 0 Likes

Resolved! flow_inter_cpu_nat_mismatch

Hi All,

   Noticed this Global Counter incrementing on our 5060 platforms ( running 4.1.x code ). When messing with the command "set session processing-cpu" and pointing all new sessions to a single CPU the counter stop incrementing (makes sense, no i

...

dpenhall by L2 Linker
  • 1635 Views
  • 1 replies
  • 0 Likes

Shared Application Groups in Panorama Version 5

In Panorama Version 5 it can be configured that address and service objects are only applied to firewalls which actually need these objects because they are used in the policy. Unused objects are not pushed to the firewall. However we found out this

...

Anon1 by L4 Transporter
  • 1575 Views
  • 1 replies
  • 0 Likes

GlobalProtect Vsys issue

Hello

I want to configure GlobalProtect Remote Access to limit the connection to a Vsys from external administration users to just the ones that uses VPN.

I have tried on a PA-200 and works but There's an error when I configure the same settings on PA-

...

Resolved! Routing Daemon

Hi All. Could you please let me know the routing daemon used in Palo Alto firewalls.

Thanks in advance.

Hari.R

Resolved! DHCP - Getting info on allocated IPs

We have our PA-500 setup on our company's public network.  This network is used by employee's personal machines and clients machines when they come into our office.

We have run into a few situations that we can see someone is most likely infected as t

...

smithp by L0 Member
  • 1779 Views
  • 1 replies
  • 0 Likes

Need another BGP instance on Virtual Router

So I need another BGP instance on a virtual router of mine... but ive read that its not possible


Admin Guide

The firewall provides a complete BGP implementation that includes the following features:

Specification of one BGP routing instance per virtual

...

choff123 by L3 Networker
  • 2980 Views
  • 2 replies
  • 0 Likes
  • 24181 Posts
  • 101 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels