This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

User-Id Agent and "login id attribute name"

HiIn one of my customers (Pan-OS v4.0.7) with eDirectory I use User-Id Agent (v3.1.2) to get user IP addresses. In that directory I used the "Login Id Attribute Name" to specify 'CN' as the attribute to use for user account because many users didn't have a "UniqueId" attribute with a value.Now I am testing the latest version of User-Id Agent (v4...

emaneiro by Not applicable
  • 4901 Views
  • 5 replies
  • 0 Likes

global protect ssl-vpn and accessing the internet - v4.1

I have built access via global protect for remote users and all is working fine except that they cannot access the internet. 1. DNS is assigned (internal)2. All internal network resources are accessable3. accessable routes includes 0.0.0.0/32Any ideas?Thanks,John

Marcum by Not applicable
  • 4564 Views
  • 3 replies
  • 1 Likes

sizing HA links

Hi all,I would like to know what the requirements are on HA1, HA2 and HA3 links in an active/active deployment. Is there a formula to calculate this ?

Activesync and User-id

I recently determined that activesync clients do not leave any traces in the Event logs when they get their email form Exchange 2007. Problem is I was banking on this as I was building our network.Do Activesync clients with Exchange 2010 leave events that can be used by the user-IP mapping process?What are others doing with non AD bound clients...

BobW by L4 Transporter
  • 4262 Views
  • 4 replies
  • 0 Likes

Resolved! Mac Users and User-ID

Is there a way to identify Mac users without turning captive-port on and having them login to get to the web? We are willing to do a mac address reservation so the user gets the same IP. We would really like to put this in without any real changes to the users. Thanks for any help on this.

expoffsol by Not applicable
  • 7615 Views
  • 7 replies
  • 0 Likes

Mapping users with user agent

Hi All,to identify users , i installed user-id-agent in AD, and then i added the user-id in palo alto the status of the user agent in paloalto is connected, so when i tested the user agent in policies, i can apply just for group that i selectedbut i can't see the users on paloalto , rather thant i see the users connected with there address in u...

atelcom by L3 Networker
  • 8824 Views
  • 9 replies
  • 1 Likes

How PAN deal with multicast traffic on Layer 2 mode.

Hello guys.I could not find any information of multicast processing on layer 2 mode for PAN. I wonder about that how do PAN deal with multicast traffic such as HSRP, VRRP and OSPF (that use multicast addressing) on layer 2 mode.I believe that PAN would bypass and forward multicast traffic but I'm not sure.Please answer me above question.ThanksRe...

ttongfly by L3 Networker
  • 3652 Views
  • 1 replies
  • 0 Likes

Resolved! DHCP client on wan interface - ip cleared

The wan interface on a PA-200 (PANOS 4.1.6) is set up as DHCP client, receiving ip-address from the ISP. When the lease period is out, the ip address is cleared with this message in System Log:DHCP client cleared IP address on interface:ethernet1/1 due to: Lease expiryThe problem is that an admin has to manually request a new ip address, this is...

einar by L1 Bithead
  • 17231 Views
  • 13 replies
  • 0 Likes

Resolved! PA200 Dynamic DHCP Client Issue

I am running a PA200 at home with Verizon FiOS. Currently the software is at version 4.1.6. I currently have everything running correctly, but the DHCP lease for the WAN expires every 2 hours. I watched the interface this evening to see what is happening, and about 1 hour in the state changed from "bound" to "renewing", but it never renews un...

ccaruso by L0 Member
  • 5011 Views
  • 2 replies
  • 0 Likes

Resolved! UserID and multiple VSYS

From what I understand from the 5.0 documentation so far, each VSYS needs to be setup with separate userID agent configurations. There is no sharing of user-ID information between virtual systems. Is this assumption correct? I am seeing very inconsistent results between mulitple vsys's when I show a list of users. VSYS1 will show ~2500 users and...

Global Protect 1.2 & HIPS

Hi,Has anyone seen any problems with GP 1.2 and HIPS, particularly the domain check? Since upgrading to 1.2 the HIPS check we have to determine if the PC is a member of specific domains fails. When we look at the client on a PC (running windows 7) it no longer shows the domain under the host info section? It still shows the OS and Host Name as w...

DaveM by L1 Bithead
  • 6482 Views
  • 6 replies
  • 0 Likes

Resolved! application PaloAlto-userid-agent

Hi,Someone ever used this application?I tried but the agent traffic is seen as ssl traffic. Also the default port of the PaloAlto-UserID-agent is tcp/2009. But the default port is 5009 if I'am correct, so is that a bug?Regards,Kevin

RDP and the PAN-Agent

I'm noticing that when a user connects to a server using RDP with a different username, the PAN-Agent is reading that username and associating it the user's computer.For instance, a programmer named 'jdoe' connects to a web server from his PC using IP address 172.16.3.3 using the username 'webadmin'. The traffic logs now read that 'webadmin' is ...

mharding by L4 Transporter
  • 13355 Views
  • 21 replies
  • 0 Likes

Resolved! Globalprotect & Windows 8

Hello,Does anyone know if there are any issues with Windows 8 and Globalprotect?I have a newly installed 64bit Win8 Pro installation with Globalprotect version 1.2.Globalprotect does connect and it says that "services are connected". But I do NOT get any traffic via the vpn connection.Everything seems to be going via the default-gateway as usual...

  • 24380 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks