This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

GlobalProtect Vsys issue

HelloI want to configure GlobalProtect Remote Access to limit the connection to a Vsys from external administration users to just the ones that uses VPN.I have tried on a PA-200 and works but There's an error when I configure the same settings on PA-5050 with Vsys.The error message I get is:Invalid configuration. Schema verification failed.netwo...

Resolved! Routing Daemon

Hi All. Could you please let me know the routing daemon used in Palo Alto firewalls.Thanks in advance.Hari.R

Resolved! DHCP - Getting info on allocated IPs

We have our PA-500 setup on our company's public network. This network is used by employee's personal machines and clients machines when they come into our office.We have run into a few situations that we can see someone is most likely infected as the machine has been profiled by the PA-500 as transmitting threat traffic. The problem is we onl...

smithp by L0 Member
  • 2530 Views
  • 1 replies
  • 0 Likes

Need another BGP instance on Virtual Router

So I need another BGP instance on a virtual router of mine... but ive read that its not possibleAdmin GuideThe firewall provides a complete BGP implementation that includes the following features:Specification of one BGP routing instance per virtual router.Im trying to keep the cfg on my router neat and tidy. Is there an elegant way to handle th...

choff123 by L3 Networker
  • 4118 Views
  • 2 replies
  • 0 Likes

Resolved! IPSEC-Tunnel Monitoring "tunnel-status-down"

I`ve created some IPSEC-Tunnel .Now I try to monitor the connection using "Tunnel Monitor" option.During the commit off the configration to the applince I'll see in System - LOG: example: 10/10 11:26:52 vpn; informational; tunnel-status-up; VPN_TEST:t_test; Tunnel VPN_Test:t_test is up some seconds later 10/10/11:27:03 vpn; low; tunn...

Resolved! PanOS 5.0 on-device User-ID agent

Hi,I have installed a PA200 with PanOS 5.0.2 and on-device User-ID agent. I have connected my device on a network with a DC Windows 2008R2 and I have configured User Mapping and Group Mapping Settings as explained in the Getting_Started_Guide_PanOS 5.0 document, but in the Server monitoring tab the status stays on "Not connected". The MGT interf...

lauro7 by L0 Member
  • 3087 Views
  • 2 replies
  • 0 Likes

Resolved! Problem with interzone U turn NAT

Hello,I followed the instructions in the paloalto "understanding NAT-4.1RevC" pdf for implementing U turn NAT.It works when I try to access a server in the DMZ from the trusted zone via it's public untrusted IP.I have now a web server which somehow tries to do a http connect to it's own URL, which describes Case 5 in this document "server in the...

Resolved! Physical connectivity validation on passive device

Hello,We use vsys on our PaloAlto cluster. During a new vsys deployment, I would like to validate that the passive device's physical connectivity to a switch is working. But I don't wish to launch a failover just for this, because it could impact the whole cluster.Is there any way to test physical or logical interfaces connectivity without any f...

Duplem by L2 Linker
  • 4444 Views
  • 2 replies
  • 0 Likes

Resolved! GP agent takes 30 seconds to connect

HelloWe are currently testing the GlobalProtect VPN client. One issue that bothers us is that the GP agent takes more than 30 seconds to connect to the gateway. Is that really the time it takes to establish a tunnel? Our earlier PPTP solution took 1-2 seconds to connect...Our setup looks quite simple. We followed the setup in the official docume...

oschuler by L4 Transporter
  • 4942 Views
  • 4 replies
  • 0 Likes

Resolved! How does the firewall work when they received unknown-user's packet?

Hello, Guys. Nice to meet you.I'm testing User-ID in PAN OS 4.1 and USER Agent 4.1.There's something curious situation during my lab test.I've deleted all ip-user-mapping information with 'clear user-cache all'.So all users is unknown to firewall.But the user agent still has ip-user mapping information using WMI probing.In this case, I think the...

JTR by Not applicable
  • 3816 Views
  • 2 replies
  • 0 Likes

Resolved! Vulnerability

When you add a custom vulnerability signature to the Palo, is it added to the default vulnerability profile by default?

cdamore by L1 Bithead
  • 2390 Views
  • 1 replies
  • 0 Likes

Resolved! Inbound SSL Inspection with mis-matched certificates (or SSL handoff)

Hi,I'm kind of expecting a no to this question, but I noticed whilst setting up inbound SSL inspection for a client the other day that if the Cert on the Palo Alto and the cert on the SSL web server do not match then the firewall will refuse to decrypt the traffic and just pass it though as SSL using the server certificate.It would be great to b...

Dpeters1 by L2 Linker
  • 8820 Views
  • 5 replies
  • 0 Likes

Resolved! Can anyone explain this vulnerability in more detail "Service Enum Through SMB ServiceEnum2"

I am trying to find more detail on what this vulnerability is and what could possibly be triggering it in a Windows Server environment. I am thinking that it might be a mis-configured service or application native to Windows Server but looking for a system expert to confirm or deny that theory.When I look it up in the Threat Vault all it says i...

u11712 by Not applicable
  • 11138 Views
  • 1 replies
  • 0 Likes

User/Group based policy questions

Hi,I have a need to configured user/group based policy. I having difficulties with the same and have multiple questions. I hope someone will help me with the configuration.1. We push all our policies from Panorama. Can I configure user/group based policy on Panorama and push to all firewalls?2. I have pushed the LDAP config from Panorama to all ...

  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks