General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Testing IPv6 using test-ipv6.com

I'm unable to successfully complete test-ipv6.com (10 out of 10) without doing either 'Any' application or adding unknown-tcp as an application.When I do just web-browsing, I get denies on 'unknown-tcp'.Is there something different I can do without allowing wide open browsing for IPv6? Is this a deficiency in the Applications list or the way w...

Isolate and NAT a segment for BYOD

I've tried setting up a subnet on our local network for wireless BYOD purposes and our aim is to have phones/pads connect only on this subnet (10.84.0.0/16). An ACL on our layer 3 core switch prevents this subnet from communicating with other 10.x.x.x segments directly, where our other users and servers are set up.We want to apply our filtering ...

sspivey by L1 Bithead
  • 3020 Views
  • 1 replies
  • 0 Likes

Resolved! ignore_user_list.txt/filter groups list

Question, when we were using the User Identification Agent Version 3.1.2 we could filter out accounts by editing the “ignore_user_list.txt” in the pan agents folder (typically c:\Program Files\Palo Alto Networks\PanAgent). Now we have upgraded to the User-ID Agent Version 4.1.1-7, is there a way to filter out accounts in a txt file and in filte...

Resolved! Another download is in progress

When attempting a download of a PAN OS software image, I get the error "Another download is in progress. Please try again later" in the download dialog. How can I find out what download is in progress and potentially stop that so I can get the software image downloaded?

Report like in CheckPoint - possible?

repoHiRecently I was on Next Generation SECURITY Conference 2012 in Poland. I got sample report from CheckPoint 3D security. You can get it from http://downloads.checkpoint.com/dc/download.htm?ID=13521Is it possible to get similar report from PAN (without PANORAMA)? Im interested in content from 1 -15 page of this report.I need to get the same i...

_slv_ by L4 Transporter
  • 3623 Views
  • 3 replies
  • 0 Likes

Resolved! HA Down Time

Dear Support:I want to know how long will the Standby PA become active ?According to the HA best practice , Running @ PA2020 & 4.1.8the HA statue is normal , all things are matchand the link monitor had setup , interface monitor set to shutdownI ping 8.8.8.8 -t at the internal networkI unplugin one of data interface , and the standby PA bec...

j.guo by L1 Bithead
  • 5860 Views
  • 4 replies
  • 0 Likes

Resolved! Export Object Addresses list

I see there is a way to export policies, is there a similar way to export my objects/addresses? I'm trying to do a little cleanup on my PA4020's and I'd like to send object lists to the people who requested their creation, to see if they are still valid. By the way, it would be VERY helpful if I could add a comment to an object, so I know who ...

bhelman by L2 Linker
  • 4396 Views
  • 3 replies
  • 0 Likes

Resolved! HA Lite Configuration A/P not working...

Hi All,Trying to configure a pair of PA-200's as an active-passive cluster using "HA lite". Right now both devices are showing active, so it seems the nodes do not see each other as cluster members. I have defined one HA link on both firewalls, ethernet1/2...they are connected together via a cross-over cable and both interfaces are showing UP....

Resolved! Deploying Dynamic Updates

We have a Panorama box, and I thought I would try to push apps and content version 192 out to our PA-2050s that are in an HA pair. We are running PAN OS 3.1.2 on the Panorama server and the PA-2050s. I downloaded the apps package, and began deploying it to the PA-2050s when I got this message:Image uploaded.Installation initiated.content update ...

mharding by L4 Transporter
  • 10442 Views
  • 10 replies
  • 0 Likes

Resolved! HA issues since upgrade to 4.1.8

Hi.I have two 2020's in a HA configuration.On software 4.1.7, when I modified configurations etc, the synchronisation worked just fine - every change was automatically synched to the passive node on commit.Now that I've upgraded to 4.1.8, more than half the time I commit a config change, it does *not* synch to the passive pair, and I have to rem...

darren_g by L4 Transporter
  • 3917 Views
  • 4 replies
  • 0 Likes

Resolved! Veeam Application-ID

This is probably a question more for Palo Alto networks, but I'm not sure where to submit this question, or request a new app-id. I was wondering if an application profile for Veeam Backup and Recovery will ever be created? I am not seeing anything in the applipedia and wondered if there was a plan for this. I might just have to create my own...

cmateam by L3 Networker
  • 4466 Views
  • 1 replies
  • 0 Likes

Manager Interface Protection

I would like to know a way to protect the manager interface because I´m undergoing brute force attack trying to access the “admin” account and I cannot use the permit address IP because I´m over a dynamic IP connection to manager the equipment. Is there a way to block an address after 3 login fail tentative or something like this?Regard

rrunge by Not applicable
  • 2578 Views
  • 1 replies
  • 0 Likes

Source user not found

Hi there,I have a random issue occur whereby one or two of my users seem to loose access to their internet privileges. I check on PA and it shows the traffic but no source user, which is what the rule for their internet access is based on. If we reboot their pc then it is fine again, but I just wondered what could be causing this to all of a sud...

JRussell by L3 Networker
  • 5156 Views
  • 7 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels