General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Need help with BGP in Active/Active HA

We have a pair of 5520's in Active/Active mode at a colocation facility. The colocation facility is handing off to us 2 separate LC fiber connections, each has it's own public /30 address but utilize the same AS number for our BGP. We have a /24 from the collocation facility that we can advertise on our PA HA pair. We want to stay Active/Acti...

Commit failure 4.1.10

After my Palo Alto 2050 in HA active/passive is up for about 1 week, I begin to get errors committing policies.Management server failed to send phase 1 abourt to client logrcvrManagement server failed to send phase 1 abourt to client sslvpnManagement server failed to send phase 1 abourt to client websrvrcommit failedThis gets worse as uptime inc...

EdwinD by L3 Networker
  • 7037 Views
  • 8 replies
  • 0 Likes

Resolved! The hunt is on - 0day for java 1.7u10

How many hours/days will it take for:1) Wildfire customers2) Regular customersto get protected by a threat-db update regarding the latest 0day exploit for java 1.7u10 (and possible java 1.6u38) as descibed in:Malware don't need Coffee: 0 day 1.7u10 spotted in the Wild - Disable Java Plugin NOW !http://labs.alienvault.com/labs/index.php/2013/new-...

mikand by L6 Presenter
  • 9366 Views
  • 14 replies
  • 2 Likes

Resolved! Upgrade Palo Alto version

Hi,I have 2 problems:1) I refresh the Software in my Palo Alto and i cant see the new versions 5.x. The last version that i can dowload is 4.1.11. Why i can refresh the new releases????? I attached a screenshot with the error and the succesfull connecting to staticupdates.paloaltonetworks.com2) I want to do an upgrade in this firewall from versi...

Resolved! Problem LDAP

Hi I have a problem with my firewall palo alto. I hope you can help meI had configured an LDAP server (Active Directory) in my Palo Alto. Also I had created two Atuhentication profile. One for VPN access and another for the administration of Palo Alto.But from yesterday that I made ​​a commit to add a new user to access the VPN "Authentication ...

QoS

Hi,Please help me out with the below issue and relevant links to configure QoS also will be helpful.I have configured QoS Profile for class 8 traffic. and QoS Policy .. and then assigned the QoS Policy to an physical interface.I have initiated some class 8 traffic and allowed the traffic to pass through the assigned interface..The issue is when ...

HA and stateless connections...

Ok, I have what may be a newbie type question, but it is one that I wanted to ask.In the PA 201 class, they teach for HA, that stateless connections are not synched.What is considered a stateless connection? I do not think it would be UDP traffic (although this comes to mind), but if I am running a audio or video call to the Internet, it is goi...

scantwell by L4 Transporter
  • 3754 Views
  • 4 replies
  • 0 Likes

Resolved! Global Protect portal authentication with LDAP fails

We have set up GP to authenticate against an AD server . User group mapping has done and u can pull the users . However, whenever you try to connect with one of the users from the GP client or portal web page , you get authentication fails message . Connecting with local db works fine . Any ideas ? I saw an article about spaces in the authent...

usvi by L3 Networker
  • 5531 Views
  • 9 replies
  • 0 Likes

Resolved! vwire policies

HI all,when we deploy the paloalto firewall in vwire mode and we have multiple zones (system zone, application zone, bdd zone), can we create rules to permit traffic between these zones through pan firewall ??thank's in advance

atelcom by L3 Networker
  • 6060 Views
  • 4 replies
  • 0 Likes

Palo alto starter questions

Hi,Iam a starter for paloalto .. I have few questions so any answers on this will be help full...What is dynamic block lists and how can we use that?What is disable server response inspection in a security policy?how to add virus exceptions based on threat ID , because we don't see any database unless we specify the threat IDWhat is Log containe...

Wildfire - Time required to block known malware

Using the 'free' Wildfire service, does anyone know how long should I expect the delay to be before downloads marked as malware are blocked subsequently?For example, today we had a download ("pdf_delta_ticket.scr" below) that was logged as upload-skip which to my knowledge means that it has been seen before by this device. As the last previous ...

apackard by L4 Transporter
  • 3741 Views
  • 3 replies
  • 0 Likes

Resolved! Panorama WildFire Reporting

Hello,I could not find any documentation on this inquiry. Is it possible in 5.0.x to get the Wildfire aggregation logs from all my PAN devices to the Pano log Monitor for central reporting? Thanks!Mike

MGoodnow by L4 Transporter
  • 4009 Views
  • 3 replies
  • 0 Likes

Resolved! Skype IM Problem

Hi,I've some problems with skype instant messaging.Sometimes the messages are not sent.Checking firewall logs I see when messages are not sent an 'unknown-tcp' connection is denied.Same destination port (but different ip) were used and recognized before as 'skype' connectionFor exampleTime App From Src Port SourceRule...

diennea by L3 Networker
  • 25418 Views
  • 40 replies
  • 0 Likes

Resolved! PAN-OS User-ID agent limits

I have found documentation that states that the UserID software agent can support up to 100 domain controllers and/or Exchange servers. Is this for both the standalone agent and the built-in agent on a 5.0 firewall. Or is there a smaller design limit for the built-in UserID agent? Can someone reference a document that explains this? Thanks

scantwell by L4 Transporter
  • 5950 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels