General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4228 Views
  • 0 replies
  • 0 Likes

Resolved! Setup SSLVPN w/ Radius Auth and limit to specific A.D. groups

What is the best way to accomplish this? I have the VPN setup with Radius auth and working correctly but in its current setup, ANY A.D. account can connect to VPN. I have already created the security groups to reference for access in A.D., just not sure where to just the access.

SDorsey by L4 Transporter
  • 2371 Views
  • 1 replies
  • 0 Likes

Policy allowing ping/snmp not performing as expected

I have a policy which allows icmp / ping / snmp-base / snmpv1 / snmpv2 however when I review the logs the traffic which matches this policy is being caught in a lower policy that is more general (and we are trying to get rid of). Someone told me that because icmp/ping are layer 3 and snmp is layer 7 that they cannot share a policy. I didn't beli...

Resolved! Traffic log CSV Export Bytes Column

Hello everybody, Software Version 3.0.5. When we make a CSV export for the traffic logs, we have three columns with Bytes, called - Bytes - Bytes Send - Bytes Received. All three columns have for the same row the same Byte values. So, what is it for! I thought there must be different values! Can somebody explain this, or is there a fix in another release!? K...

indevis by L2 Linker
  • 6945 Views
  • 7 replies
  • 0 Likes

Resolved! Vulnerability Protection - Exceptions?

Dear all, We've got one, okay, two little questions on the configuration of vulnerability protection: Assuming we have a security policy configured with the pre-defined vulnerability protection profile named "strict". From that policy we're getting "LDAP: User Login Brute-force Attempt" (ID 40'005, severity high) log entries from time to time. The...

oschuler by L4 Transporter
  • 5609 Views
  • 4 replies
  • 0 Likes

Resolved! Reports - Best way to see top URLs visited?

I'm struggling a little with the documentation on how to generate useful reports. If I look in the ACC or default reports I can see destinations but they are simply a mix of raw hostname and rdns lookups - they might show a lot of traffic to, say, a88-221-183-148.deploy.akamaitechnologies.com, but they won't show that traffic was actually people ...

Resolved! In which order are the fields (variables) in the default format for syslog?

Hi all, I use a tool for log analyzing which isn't too happy with the PA default format for syslog, which uses commas and no spaces. Like so: abc,def,ghi. What I need is: abc, def, ghi or even better: abc def ghi. Because of that I need to create a custom format for each of the syslog types Config, System, Threat, Traffic and HIP Match. Putting the variables ...

mikand by L6 Presenter
  • 3061 Views
  • 2 replies
  • 0 Likes

SSL Weak CBC Mode Vulnerability

Our box was scanned by Qualys and the SSL VPN portal comes up with the following message: If possible, upgrade to TLS v1.1 or TLS v1.2. If upgrading is not possible, then disabling CBC mode cipher will remove the vulnerability. Any ideas how to disable CBC mode cipher on the PA device? Is there any impact on doing this? rgds Johan

u5273 by Not applicable
  • 3217 Views
  • 2 replies
  • 0 Likes

Resolved! What is session_inter_cpu_sync_err count on global count???

Hello. I am installing PA-5050 (PANOS-4.1.10) to my customer. I am monitoring all status of device. I am seeing many increase of global count. I have a question. What is session_inter_cpu_sync_err count on global count??? and What is dfa_sw_fpga_not_loaded count on global count??? Please let me know.

Advantages of Virtual Systems...

...What are the advantages of using Virtual Systems, other than being able to divide Management and Reporting of "Virtual" firewalls. In my case, I have a DMZ, Wireless, Trust and Untrust networks connected to a PA 5020. Should I split up the DMZ and Wireless networks into their own Virtual Systems? Something like this... eth1/1 - Untrust(intern...

jambulo by L4 Transporter
  • 6003 Views
  • 4 replies
  • 0 Likes

Resolved! BGP Configuration Clarification Needed

I am new to BGP. I am attempting to configure BGP as laid out in the following documentation with the Active/Passive configuration. I've been given an AS number and a block of /24 from ARIN. Step 2 under "Configuration for the Active/Passive Pair" explains that there needs to be a 3rd interface configured with the internal network IP address/s...

mario11584 by L4 Transporter
  • 18534 Views
  • 10 replies
  • 0 Likes

Forwarding mDNS (multicast DNS specifically for Apple's Bonjour Service)

Hi Guys, What support does the Palo Alto Firewall offer in terms of forwarding on mDNS (multicast DNS, more specifically Apple's Bonjour Service)? I have a customer where they have the student and staff wireless network on a separate VLAN, with the Palo Alto Captive Portal as the only route out. Will it require to add a "hardened" apple server to ...

Unknown user after install and configure UI Agen

Dear All, My PAN is 500 with 4.1.6 OS. I just migrated PAN agent to UI agent with version 4.1.6-5. After installation and configuration, I check the user-mapping; the result shows as following:
    > show user ip-user-mapping all
    IP Ident. By User Idle Timeout (s) Max. Timeout (s)
    --------------- --------- ...

how to block skype for 'trust' zone and allow for 'trust2' zone

Hi, I'm trying to block skype for one group of users (which are in 'l3-trust' security zone) and allow for second group (which are in 'l3-trust2' security zone). Both zones: 'l3-trust' and 'l3-trust2' are source-NATed to 'l3-untrust' zone, one interface, one IP address. I made policy rule allowing skype-probe from 'any' zone to 'any' zone and seco...

Captive Portal on connecting to SSID rather than via Browser for Apple devices - is it possible?

Hello Everyone, I was just wondering if it is possible to have captive portal pop up on connecting to a SSID rather than having the captive portal page upon accessing any website for apple devices? Captive Portal works on accessing any website using safari. I tried blocking www.apple.com/library/test/success.html as a custom url so that the iPad ...
