General Topics

Dual power supplies

Dear All,We have more and more requests and complaints from prospective clients requesting dual power supplies on the PA 2xxx and upcoming 3xxx series. This is one of the first questions we get from many prospective clients, and the negative answer in this regard always starts off negotiations on the wrong foot. Most customers view the PAs as be...

Resolved! Problem with certificate after upgrading GlobalProtect 1.1.7

Hi everyboy.Up to now, I've had working a Globalprotect configuration, with only a Server Certificate, and it worked very well.After upgrading to version 1.1.7, I've received the message: "The paloalto.xxxxx.es certificate is not signed by a trusted certificate authority.". That is a problem for "no on demand" VPN connections, because you have t...

File Blocking, save file locally

Hello,With wildfire you can use a policy to send the files to the cloud, so that paloalto networks can analyze it.Is there a possibility to send the file to a an internal ftp or to save on the device?Thanks

Easily fooling App ID?

Recently I've seen some information posted on a forum and I was hoping someone could speak to this. Here is a quote:"I work as a security auditor and I've come across them a few times. The "application" is http (web) which is allowed from the client segment to the external one. The backdoor software mimics a regular web session, as per a user w...

Default syslog string?

Would anyone by any chance know the "default" syslog string ie. with the parameters $path etc etc... Would be interesting to know to have something to start from instead of beginning, like now, clean... Br, Christian

Resolved! Moving from a Cisco ASA to PA-5020 Setting up a DMZ zone on the Palo Alto . There is suppose to be a tool to work with the existing cisco configuration to build a config for the Palo Alto

Moving from a Cisco ASA to PA-5020 Setting up a DMZ zone on the Palo Alto . There is suppose to be a tool to work with the existing cisco configuration to build a config for the Palo Alto any one used it or have a copy ?

Resolved! How to include users directly belongs to OU (orgnisation unit) in include group option in LDAP group mapping for user id Agent,..?

Hi All,..We have installed User ID agent 4.1.5 showing ip to user mapping or traffic, now we are looking to place a user based policies but in AD users are directly belong to OU which we cant add in the include group option in group mapping.. is der any way to get user names in policies?Regards,Guru.

Resolved! On device in policies not showing user names, but in user-id agent we are able to see ip to user mapping.

Hi All,On device in policies not showing user names under the source user tab, but in user-id agent we are able to see ip to user mapping. PaloAlto device is connected to machine on which user-id agent has been installed. Is there any other configuration is required to get user names in policies ? Please help me.Regards,Guru

Resolved! 'infra-group: restarts exhausted, rebooting system' and Firewall REBOOTS random

Greetings Again,Off late I have been hit with quite a few surprises after the release of version 4.1.x. Now this is the latest one that surprises me. Over the last few months one of my customer's PA-2050 has randomly rebooted which obviously has a large impact on our users ( I was never told of these till today). The customer is presently run...

Source user not shown in some logs

Hello,I have developed a script that collects user-ip mapping from a wireless controller and send this info to User-ID Agent. All these looks fine because I can see the users in the User-ID Agent monitor table, but when I look traffic logs on Palo Alto I can see some logs do not have a user identification and other logs have it, for the same sou...

Resolved! Anyone having issues with cacti after upgrade to 4.1.8

Grettings, just wondering if anyone else is having any issues with cacti after upgrading to 4.1.8. All my graphs stopped working even though cacti is able to quere snmp just fine. After I downgrade back to 4.1.7 everything is working fine again. Thanks

Resolved! Responding to DMCA takedown requests

I'm a recent Cisco ASA convert. I'm in an academic environment so bittorrent (and P2P in general) is permitted. We get an occasional DMCA takedown request. Finding the culprit in the ASA world was pretty straightforward: grep the syslog for the NATed port and see if there was a match near the alleged infringement time. I'm having a difficult tim...

setting up services to be accessible through the internet

I am wanting to have one of my internal machines be a webserver and be allowed to talk out through the internet.Not sure how to go about doing this.

Resolved! Re: show routing route destination output

Hi,Sorry I know this is an old thread but figured I'd ask here as my issue is the same... I am interested in finding the specific route in the route table that will be used for a specific destination network lookup. So I do "test routing fib-lookup ip 2.2.2.2 virtual-router default" command but the output only shows the interface that will be u...

Resolved! certificate import for using captive portal

Hello community,we have running a PA-500 with a captive portal configuration. This config was build up last year on a PAN-OS 3.1.7. We haved used Debian Linux with openssl to generate a key-pair and a CSR. To correctly import the certificate I had to convert the certificates in Base64 format and copy&paste the intermediate certificate on the...

Discussions

Dual power supplies

Resolved! Problem with certificate after upgrading GlobalProtect 1.1.7

File Blocking, save file locally

Easily fooling App ID?

Default syslog string?

Resolved! Moving from a Cisco ASA to PA-5020 Setting up a DMZ zone on the Palo Alto . There is suppose to be a tool to work with the existing cisco configuration to build a config for the Palo Alto

Resolved! How to include users directly belongs to OU (orgnisation unit) in include group option in LDAP group mapping for user id Agent,..?

Resolved! On device in policies not showing user names, but in user-id agent we are able to see ip to user mapping.

Resolved! 'infra-group: restarts exhausted, rebooting system' and Firewall REBOOTS random

Source user not shown in some logs

Resolved! Anyone having issues with cacti after upgrade to 4.1.8

Resolved! Responding to DMCA takedown requests

setting up services to be accessible through the internet

Resolved! Re: show routing route destination output

Resolved! certificate import for using captive portal

Doubt about Custom URL category

Upgrading from 10.2.9-h1

Can 'admin' account be deleted?

NGFW with two different Support Structure in one CSP

[User-ID HUB Vsys] Solved Issue User-ID Behavior

Re: GlobalProtect is no longer able to retrieve information for Trend Micro Apex One Security Agent

How to get access to the knowledgebase articles (SSO Error)

Re: Unable to activate Precision AI network security bundles license

Re: Convert management-only Panorama to panorama-mode

Re: Sofware Upgrade broken? "An active license is required for this feature"

Unlock your full community experience!

Resolved! Problem with certificate after upgrading GlobalProtect 1.1.7

Resolved! Moving from a Cisco ASA to PA-5020 Setting up a DMZ zone on the Palo Alto . There is suppose to be a tool to work with the existing cisco configuration to build a config for the Palo Alto

Resolved! How to include users directly belongs to OU (orgnisation unit) in include group option in LDAP group mapping for user id Agent,..?

Resolved! On device in policies not showing user names, but in user-id agent we are able to see ip to user mapping.

Resolved! 'infra-group: restarts exhausted, rebooting system' and Firewall REBOOTS random

Resolved! Anyone having issues with cacti after upgrade to 4.1.8

Resolved! Responding to DMCA takedown requests

Resolved! Re: show routing route destination output

Resolved! certificate import for using captive portal