General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

PA 2020 Active/Passive HA

I am configuring Active/Passive PA 2020 firewall for clustering . I have configured all the parameters for HA including the links(HA1 and HA2). Also the firewall are connected and both the HA interfaces are showing up. I am making One PA Firewall as

...

itsecll by L1 Bithead
  • 2846 Views
  • 6 replies
  • 0 Likes

address-group limitation

Hi @all,

we’re using a PA-5020 active-passive Firewall-Cluster.

We recently noticed that the address-groups are limited to 500 items per group. As we have a list of nearly 1500 items (ip-address and network-addresses) to manage, I want to ask whether

...

Wirecard by Not applicable
  • 1485 Views
  • 2 replies
  • 0 Likes

No username in source-user column of PA-500

Hi All

I have upgraded to  PANOS 4.1.2 and user-id-agent 4.1.2-2 in my lab, however when i complete config, and can not select any domain\username in the source user column, but i can sure the connection is ok by command >show user user-id-agent stati

...

Resolved! User-ID agent 4.1.0 service logon account permissions.

User-ID agent 3.1.0 ran quite happily on our Domain Controller under a regular domain user account (no group membership apart from the default Domain Users, and I guess "Ran as service" was granted automatically during the installation).

The new versi

...

ST1985 by L1 Bithead
  • 7189 Views
  • 7 replies
  • 0 Likes

Anyone tried REVERSE PROXY on PAN

Hi,

I was just wondering if anyone was successful in implementing Reverse Proxy solution on the PAN.  As far as i know, Palo Alto does not do Reverse Proxy, but was even told that there was work around for it.  Anyone who has been successful in acheiv

...

Custom reports using different log archive

Hi all,

we are trying to create a custom report in which we want to include fields that belongs to, for exemple, the URL log database and wanted to add a field that is contained at the traffic log (bytes, for example).

Is it possible?

Best regards,

COMIP by L2 Linker
  • 1730 Views
  • 3 replies
  • 0 Likes

Captive Portal Persistence

Greetings,

A little background.  We have a wireless guest network at multiple facilities.  Currently we have Juniper wireless deployment and use their "SmartPass" product for guest authentication.  This gives us two things:

  1. Provides a splash page that
...

mrsold by Not applicable
  • 1823 Views
  • 2 replies
  • 0 Likes

Resolved! Packet Capture/Debug Flow based on an IPSec VPN

Hi

I am looking for a way doing a packet capture (or Debug Flow) with a filter based on a defined VPN Connection. The only thing I found, was a filter like "debug dataplane packet-diag set filter match ingress-interface tunnel" but with this I am not

...

User_333 by L2 Linker
  • 5541 Views
  • 4 replies
  • 0 Likes

Problem in RESTful API with predefined application

Hi,

Trying to retrieve list of predfined application with RESTfull api we recieve an error (Firefox):

ML Parsing Error: mismatched tag. Expected: </default>.Location: https://<server>/esp/restapi.esp?key=<key>&type=config&action=get&xpath=/config/prede

...

Resolved! LAN issue with PA200

Hi

gotta really wierd problem...

PA 200

configured for DHCP

eth1/2 Layer 3 IP address 10.130.8.25/24

default route via eth 1/2

eth1/2 connected to port on CISCO 2960S switch

PC connected to port on same CISCO 2960S switch

IP config IP Address. . . . . . . .

...

sue_town by Not applicable
  • 2262 Views
  • 3 replies
  • 0 Likes

VPN SSL with LDAP Group fail

Hi team, I have a problem with a OS 3.1.9.

If a try to configure VPN SSL with LDAP Groups, always I have the same error: Authentication failed: Invalid username or password.

If I change the configuration to LDAP users, athentication and connection are

...

ocampos by Not applicable
  • 1231 Views
  • 1 replies
  • 0 Likes

PAN Agent AD 3.1.2 install on Windows 2008 r2 64 bit

  • Install on a Domain Controller as a Domain Admin
  • Right click on the PanAgent-3.1.2 installer
    • Go to the Compatibility tab
    • Check "Run this program in compatability mode for:  Previous version of Windows"
    • Click Apply, OK
  • Run the installer
  • Open services.msc
    • Ope
...

svse by Not applicable
  • 1052 Views
  • 0 replies
  • 0 Likes

Resolved! DHCP Option 252 WPAD

Seeing since there is no support to push down client proxy settings via GP - does anyone know if we can set up a DHCP scope for SSL VPN clients that has/allows for option 252 WPAD support?

Thanks

Rod

djrodb by L3 Networker
  • 4844 Views
  • 8 replies
  • 0 Likes