real time flow from interfaces - how to get it?
HelloOn my old Juniper SSG device I had flow control where I can sow real time traffic on interfaces.How can I do it with PAN? - using only GUI/CLI - not thirty party software?With regardsSLawek
HelloOn my old Juniper SSG device I had flow control where I can sow real time traffic on interfaces.How can I do it with PAN? - using only GUI/CLI - not thirty party software?With regardsSLawek
Hi there,I've seen a task called pan_task taking up 100% cpu on two of my PA200's. Is this a PA200 specific thing? Not seen this on any other hardware platform, looking into it further it does not look like it's actually using 100% CPU, wondering if it's something to do with the single cpu architecture and splitting the two cores to backplane/ma...
Hello,I need to go through the logs to check why the active PAN 2020 rebooted itself. I only have access to the cli (I have to ssh via the now active FW).Which logs should I check?? Under mp-log there is a whole bunch of logs I am not sure which one to check for system failure related issues.The reboot time is suspiciously close to the applicati...
Is there a more recent Blue Coat WebFilter to BrightCloud URL Category mapping? I found the document from Jan2011 that lists the categories and the recommended mappings at that time. However in the last 2 years both vendors have added and removed categories and changed the descriptions of some of their existing categories. A more recent mappi...
I am new to Palo Alto firewalls and I am hoping this a quick easy question for somebody who is more familiar with them. I would to like to upgrade my PA500 to latest firmware. It looks like the latest release is 4.1.8 (I am using 4.0.8). I have downloaded 4.1.8 to the firewall. Once I click install on 4.1.8, will that require a reboot of the fir...
Here is an example:www.aetna.com is rated on the website of Brightcloud as "Business and Economy" and "Health and Medicine"."test url www.aetna.com" results in a "Business and Economy", which could cause some legal issues when traffic to "Health and Medicine" should not be performed due to privacy reasons.Are there any plans to change that in t...
Thinking outloud here...I would like to record voice traffic for VPN connected customer service agents.Traffic comes in a VPN-HomeRouters tunnel from a 10. IP range.The PBF works when setting source Zone and IP, Next Hop and 1 destination IP.When i change the IP to a range then the forwarding gets skipped (i'm thinking because of the Virtual Rou...
I am using the CP quite successfully. However, I am running into some strange behavior with the Iphones and ipads.If I connect a (non AD Bound) computer to the wireless, it connects fine and I get prompted for the captive portal only when I try to get to the internet. Perfect behavior.When I attach on Ipad or Ipod to the wireless, as soon as i...
Hey,Has this been fixed in PANOS 5.0.1 release? It has no reference in resolved issues in release notes to that release. However this KB article says it should be fixed in 5.0.1: Can anyone confirm that this has been fixed for 5050 and release 5.0.1?
Currently we have a Guest Wireless network setup behind our PA. We'd like to use this network as a test network as well, for certain projects we are working on, to act as if it was outside the network. I have done this in the past with other vendor firewalls but I have not been successful in making this happen on a Palo Alto.Right now, when I co...
Hello,We have a customer who is facing issue described by this KB article :I wonder whether it is possible to change the default timeout value which is set to 1800 seconds ?It could be very helpfull in some situations, and most of the network devices allow to change this value.I searched the Admin guide and CLI guide as well as the KB but I didn...
HiI am not sure if PA box could default check TCP sequense number ... have CLI cmd to tigger this checkingJeff Jin
Dear,we use radius profiles for internal users towards a customer internal network policy server and so. The administration of the palo firewall is done via the MGT interface on a dedicted pvlan based administration network. We want to enable radius authentication for administrator purposes , but this seems to be impossible due to the fact that ...
Hello,I'm going through my first ever configuration of a PAN-500, coming from the McAfee Secure Firewall (Sidewinder). Our current firewall authoritatively hosts our external DNS records pointing to our MX records, etc, and I wanted to know if it's possible for the DNS Proxy module on the PAN-500 to do the same thing.Thank you.
I would like to customize the session timeout for an application for a select group of users. All others would use the default session timeout.Thanks
| Subject | Likes |
|---|---|
| 4 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like |
| User | Likes Count |
|---|---|
| 7 | |
| 5 | |
| 3 | |
| 3 | |
| 2 |

