General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

L3 vlans and devices/systems that don't support vlanning issue.

Hello all,I've recently setup our PAN-2020's with L3 sub-interfaces presenting VLANS to our core switches (per this discussion: ). However, I've run into a problem that I can't manage or connect to devices, like our SAN, KVM, and even the PAN Firewall (management port) because they are on the same switch and use the default vlan of the switch. ...

Resolved! VPN for IPAD

Does somebody how to configure an IPAD in order I can use the VPN. I have it working for windows laptops, but not for an Ipad, I look the manual but honestly I need somebody else to explain step by step. Can someone help me?Regards,

Resolved! What is used to convert Netscreen config to be imported into PaloAlto?

What is used to convert Netscreen config to be imported into PaloAlto?

Any chance of having automatic config backup option on the firewall (not Panorama) in the future

Heylo.. any chance of having the PAN firewall (not Panorama) do automatic backup of configurations as per time/date settings?I am now having customers asking me if PAN have this somewhere down the line being implemented on the firewall.Cheers..Kalyan

Resolved! LDAP not working

I am trying to get my PA to talk to an LDAP server. I set up the LDAP server as described in the documentation User Identification Tech Note - PANOS 4.1.pdf) but it never is able to connect. I get this error:ldap cfg mydomain failed to connect to server (10.10.10.10:389), source 10.10.252.4.Now 10.10.252.4 is configured as my Management interf...

GlobalProtect Portal has a problem with DHCP Ext interface

I'm hoping that someone from PAN Support or Development can answer this question. I have been fighting with this for weeks now and have narrow the problem down to the GP Portal service.ScenarioI have a PA-200 in my lab with two Layer3 interfaces defined. The Internal L3 interface has a Static IP for the local network, while the other L3 interf...

Best way to block private ip's but make exception for 1 network.

I just upgraded from 4.0.7 to 4.1.6. Since this upgrade our monitoring server in the LAN 10.x.x.x/24 can not browse to our web servers in the DMZ 192.168.X.X/24. It shows up as, action blocked-url, with Category of private-ip-addresses. I have private-ip-addresses blocked in the URL filtering but I have a custom URL category defined that allows...

Need help with Enterasys NAC/NMS and PaloAlto UserID

I am trying to make the Enterasys/PaloAlto integration from this doc work:Running 4.1.6 code on the PA-4020 and the associated UserID agent on a single server. I followed the directions exactly but see no evidence info is making it to the UserID agent.Is this compatible with the latest UserID agent? Support directed me back to the community/de...

ARP Cache Limit on PA-500

Hi PAN,When is that the PA-500 will have an ARP cache limit of 1000? I was promised during the launch of version 4.1 that the ARP cache limit had been increased to 1000 from 500 just to realise that it never happened. I am desperately waiting for something on this as clients are not at all happy with this and having a work around just to avoid...

Resolved! Renaming a VSYS

Should I expect any issues if I rename a VSYS? I assume it should rename all VSYS names in the config where applicable?

Traffic log database exceeds alarm threshold

Hello,This is not very clear on Palo box, since months we have issue that everyweek we have alarm indicating that the log was exceeded 80 of the quota, infact we want to log all traffics and don’t want to disable logging on somerules, I monitored during the week the logdb-quota and Palo don’t clear/purgeor delete older log at 80%, we opened a ca...

GlobalProtect Portal does not respond on DHCP addressed interface

I have don't extensive testing and discovered that if a GlobalProtect Portal interface is addressed via DHCP it does not respond to HTTPS requests. It only responds if the Portal interface has a Static IP Address.Can someone please help with why?

Public IP's and DMZ

I am currently setting up a DMZ using a class C address range provided by my ISP. So far I have an untagged interface built connected to a switch and a VR built. Example:I have the subnet 10.10.10.0/24I set interface G1/2 with address 10.10.10.1/24I have a VR with a route 10.10.10.0/24 destination int G1/2 next hop address 10.10.10.1I have a lap...

Is it possible to transfer the username from an authenticated user on a squid to the log in the PA ?

Hello,I have a squid proxy in the internal network, which does the user authentication against the active directory.Now I would like to see the username in the logfiles of the PA firewall.I do not want to use the username for authentication on the PA just to visulize, who is initiating this webtraffic.Something simular to x-forward-for, not usin...

Resolved! Issues installing the Terminal Server Agent on Server 08R2

I have this same issue at two separate clients. I installed the agent under elevated priveledges but once it is installed an I open it, I cannot click on any of the menu options. If I click on Restart Server, it says "query service fails with error5".Did I skip a step or am I missing something? I have the regular user ID agent setup just fine at...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!