General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Internet facing interface dhcp-client inbound NAT

So,PAN 5.0.1 eth1/1 - Layer 3 / Internal network 10.0.0.1/24eth1/2 - Layer 3 / External network - DHCP assigned IP adress from ISP.Outbound NAT works. Inbound NAT i simply doesnt get to work.. Used the cli command test nat-policy-match from Untrust source 8.8.8.8 destination [assigned ip adress of eth 1/2] destination port 3389 protocol 6Got rul...

criiser by Not applicable
  • 5267 Views
  • 4 replies
  • 0 Likes

Building ISP's Network?

My ISP gave me 2 networks.My 64 IP one (main-net) and then a 2 IP one (link-net)that connects back to the ISP Box.I know I could make this with a simple router/ Layer3 switch.I have just started testing with our PS-2050.Is there a simple way to do this in box?I am thinking it would just be 1 VR between the link-net and the main-net. Then another...

Resolved! Allow traffic to specific URL - Best practices

Dears,I have 2 PA2020 implemented working as webfilter only. (virtual wire feature)I need to implement a rule which will permit any user to access the website www.adpweb.com.br anytime...What I did:Rule at first positionsource: any user, any zone, destination: any IP, any zoneURL: I created a specific URL CategoryI see that many others traffics ...

Resolved! HA Active/Passive Management Design

I am testing out and setting up two PA-2020 in a HA Active/Passive setup for eventual use in our production network. I am testing this outside of our current network infrastructure to ensure I understand the complete setup processes. I had a couple design questions regarding this setup.As of now I have two zones, WAN and LAN enabled on both fir...

cmateam by L3 Networker
  • 6927 Views
  • 6 replies
  • 0 Likes

SSH interception and server rekey

PA200 running 5.0.1-h1, SSH traffic is being intercepted to block tunneling which is working fine so far. The issue I'm seeing is the client (Putty) is dropping the session after 60 minutes with "Server's host key did not match the signature supplied", I'm guessing this is the SSHD rekey interval.Is there a trick to get the Palo Alto SSH to han...

rob72 by L1 Bithead
  • 2783 Views
  • 1 replies
  • 0 Likes

Resolved! I need configuration help In vwire mode ,....

Hi All,..Kindly refer the fallowing topology, in which VLANs (ex:10 VLANs) are created and any traffic to internet is routed to the core firewall. In between core switch and firewall i have connected PaloAlto firewall in VWire mode and also have defined the policy to allow traffic. Did i need to define any VLANs in PaloAlto? Because i am not abl...

Gururaj by L4 Transporter
  • 3542 Views
  • 2 replies
  • 0 Likes

Resolved! Dropped Sessions

I've a strange problem. My PA (5.0.1) randomly kills all sessions. This is causing me problems as all internet traffic times out during these issues. You can see from the show system statistics screen dump below that there is 0 packets and 0Kbps through put but 1191 active sessions. The second window shows the PA in normal mode a few seconds aft...

djrodb by L3 Networker
  • 4119 Views
  • 1 replies
  • 0 Likes

Resolved! Different block pages based on policy

Is there no way to have different block pages appear per policy ? We have distint needs for a few different groups of users. We need one URL block page to come up when one policy is triggered and a different block page when another policy is triggered. Is this possible ? If not, why ? Any plans to make this happen ? Any hacks that are possible ?...

jhickey by L3 Networker
  • 5423 Views
  • 3 replies
  • 0 Likes

User-Id Agent and "login id attribute name"

HiIn one of my customers (Pan-OS v4.0.7) with eDirectory I use User-Id Agent (v3.1.2) to get user IP addresses. In that directory I used the "Login Id Attribute Name" to specify 'CN' as the attribute to use for user account because many users didn't have a "UniqueId" attribute with a value.Now I am testing the latest version of User-Id Agent (v4...

emaneiro by Not applicable
  • 5001 Views
  • 5 replies
  • 0 Likes

global protect ssl-vpn and accessing the internet - v4.1

I have built access via global protect for remote users and all is working fine except that they cannot access the internet. 1. DNS is assigned (internal)2. All internal network resources are accessable3. accessable routes includes 0.0.0.0/32Any ideas?Thanks,John

Marcum by Not applicable
  • 4598 Views
  • 3 replies
  • 1 Likes

sizing HA links

Hi all,I would like to know what the requirements are on HA1, HA2 and HA3 links in an active/active deployment. Is there a formula to calculate this ?

Activesync and User-id

I recently determined that activesync clients do not leave any traces in the Event logs when they get their email form Exchange 2007. Problem is I was banking on this as I was building our network.Do Activesync clients with Exchange 2010 leave events that can be used by the user-IP mapping process?What are others doing with non AD bound clients...

BobW by L4 Transporter
  • 4290 Views
  • 4 replies
  • 0 Likes
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels