General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2978 Views
  • 2 replies
  • 14 Likes

Resolved! HA Sync Error on Commit

Hi All,

I have two PA-2020 in Active/Passive HA. Both on same code (v4.1.4) and latest subscriptions.

The pair have been running fine for almost 12 months.

Recently, when I tried to Commit a fairly basic change on the Active node, it fails to Sync with

...

POC Plan

Hui

Was wondering if anyone has a POC Plan/Criteria Sheet to test PA5020 against Fortinet & Sonicwall.

Appreciate alll the help.

Thanks

Manoj

aggeios by Not applicable
  • 3214 Views
  • 5 replies
  • 0 Likes

Resolved! PANORAMA MODIFY EXPAND STORAGE

Hello,

I have installed a panorama with extended disk of 1TB and now I want just use 500 GB.

I can reduce the size of my virtual disk without reinstall the system??

thks for your help!

alle by L3 Networker
  • 2324 Views
  • 1 replies
  • 0 Likes

Resolved! About policies PA500

I want to know because when I make a change in my PA500, I get the following:

- Rule 'Accounting' shadows rule 'User'

- Rule 'Shopping Paniagua' shadows rule 'portable users'

Thank you very much

Resolved! Any way to Manually Sync LDAP Group Mapping?

Is there any way to manually sync the LDAP Group Mapping/User Identification in Palo Alto? We have the sync interval set to 4 hours, but there are times where would would like to sync manually.

jambulo by L4 Transporter
  • 34922 Views
  • 1 replies
  • 2 Likes

Radius attribute for login message

When using Nordic Edge it's possible to set a "Response Message" in the Radius server. This message is then displayed to Global Protect users logging in instead of the standard "Please enter password for gateway x.x.x.x".

I assume this is done using a

...

pkaren by L1 Bithead
  • 1604 Views
  • 0 replies
  • 0 Likes

Cannot create rules based on users

Hi,

I've installed a new PA-500 device. I've also installed the UID-Agent and it's communicating with the Palo Alto because:

"show user ip-user-mapping" return results with many users

on monitor tab I have the users displayed

on acc tab i also statistic

...

licenselu by L4 Transporter
  • 2670 Views
  • 6 replies
  • 0 Likes

Resolved! How to detect DNS TXT messages

is it possible to detect and furthermore block DNS TXT messages via a Threat Signature?

The goal is to disable DNS Queries regarding TXT resource records.

Not sure if the context dns-req-section does the job...

Did anyone ever try this?

Thanks!

Stefan

Virtual Routers

We recently switched ISPs and they assigned as a 32 address block that sits behind 1 address. i.e 71.100.100.192/27 block behind 71.100.100.50/30. We are now connected to the ISP with the PAN addressed as 71.100.100.50/30 with a default route destina

...

Resolved! Difference between gtalk and google-talk?

In todays content update one can read:

"

Modified Decoders (6)

      Name

      gtalk-p2p

      ipsec-esp-udp

      jabber

      ssl

      google-talk

      oracle

"

How come gtalk-p2p isnt named google-talk-p2p or is gtalk something else?

Yeah I know thi

...

mikand by L6 Presenter
  • 1690 Views
  • 1 replies
  • 0 Likes

Resolved! PCI and WSUS

I need to create rules for a PCI firewall for a WSUS server. Microsoft does not publish IP's for their update points so this is problematic on a PCI firewall (or it seems to me). I can either:

1) create a rule which allows the server out to "any" usin

...

Gerry_RH by L0 Member
  • 3314 Views
  • 4 replies
  • 0 Likes

Resolved! Captive Portal Certain AD-Users

I have a unique situation.  Currently, I have a 10,000 + user based network and implemented Captive Portal Policy. We have certain AD accounts that auto login with certain machines. We want to always captive portal those certain logins.  So I am want

...

netslh by Not applicable
  • 1727 Views
  • 1 replies
  • 0 Likes

Resolved! help to configure a DMZ and NAT

hi,

i need a little help to configure a DMZ. here is our situation:

interfaces

ethernet1/1 - 1.1.1.1 (public - NAT clients)

ethernet1/1.1 - 1.1.1.2 (public - NAT DMZ)

ethernet1/1.2 - 1.1.1.3 (public)

.

.

ethernet1/6 - 10.10.30.1 (DMZ)

.

ethernet1/8 - 10.10.20.

...

assona by L0 Member
  • 3085 Views
  • 2 replies
  • 0 Likes

Resolved! Aggregate Ethernet interface: LACP and PaGP support

Hello, Everybody,

we would like to aggregate ethernet interfaces of our PA-5050 (4.1.7 PANOS) in order to have a redundant physical connection towards our Cisco Catalyst switches.

Sound like LACP is not working with PAN and we had to set PaGP, which, o

...

Bucche by L2 Linker
  • 8808 Views
  • 7 replies
  • 2 Likes
  • 24038 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors