General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

HSRP:- Ideas / suggestions thoughts on how to achieve this using Palo Altos in Active/Passive.

Greetings Evereyone,I need some ideas / suggestions / thoughts on:For reference, I just attached a hand drawn network diagram.Just to provide a brief description, I have a network scenario that presently uses HSRP to maintain Active/Passive configuration on the border Cisco FWSMs firewalls. I will be replacing these FWSMs with Palo Altos in HA....

ARP load sharing

We are planning to set up HA in Active Active mode. The boxes sit in separate locations with Layer 2 network between them. Currently our guest Network site on our second PA-2020 with our LAN on the first. Wer had to put the guest Network on second box as we had an issue where we was filling the arp table. When you run Active Active how does a...

BBHLTD by Not applicable
  • 3141 Views
  • 2 replies
  • 1 Likes

Resolved! Ldap Proxy

Hi,in what situations should we use user-id agent as Ldap Proxy ? And when we select this function, how agent behaves?

Resolved! Exclude config snippet from HA sync?

Hi,I've deployed two standalone firewalls...i.e., non-HA. And have been using the interface comment field to document the switch port that interface is connected to. I'm now building an active/passive cluster and noticed that when I sync the configs, the passive firewall gets its interface comments overwritten with the comments from the active...

Empty Reports, What a I missing?

I am new to the PaloAlto world, and admittedly somewhat overwhelmed at the moment. I am working with the reporting features and not getting even close to the results I expect. Particularly when I run a "User Activity Report", I get a 5 page PDF and all pages read "No Data Available" see attached reportEmpty Report. I figure I am not logging some...

Process to change to HA from cold spare

The HA documentation states that one should start with a 'clean slate' when implementing HA. I currently have one PA-500 in production on 4.1.4 and another PA-500 as a cold spare. The production PA-500 has 2 unused traffic ports that can be used for HA. I would like to know what the least disruptive process is to change from cold spare to active...

pkuhnen by L0 Member
  • 5770 Views
  • 6 replies
  • 0 Likes

top bandwidth usage

is there a way to fined the top bandwidth usage in PA 4.1.x in the exact moment that i need , because usually i have to wait for 15 minutes to get it from the ACC.bandwidth

Question regarding unknown application behaviour

Lets say you configure a rule with:Application = AnyService = Custom Service (TCP port 12345)Now when the AppID engine cannot match anything I guess it classifies the traffic as "unknown-tcp".Will the traffic be allowed (because unknown-tcp is part of Any and the firewall will practically act as statefull firewall) or will it be denied?What is t...

Anon1 by L4 Transporter
  • 4895 Views
  • 5 replies
  • 0 Likes

Resolved! MDT and GP client

What's everyone using to deploy GP client? We're finding that because the GP client is not populated with any information(when downloading it from our PA firewall) it's causing problems with the MDT process. The MDT process stops as the GP client pops up expecting you to put the GW IP.Any help or guidance would be appreciated ThanksRodglo

djrodb by L3 Networker
  • 3139 Views
  • 1 replies
  • 0 Likes

Resolved! How to Fix - Error in getting locked users?

I have users locked out and yet when I go to Device > Authentication Profile is how this error in the Locked Users column "Error in getting locked users". What is cause and how do I fix it?This has now come up fairly often.System PA-2020 with 4.0.4 code.

Assigning VPN User a Static IP

We have a customer who is running a specific thick application that requires the user to have the same IP address every time they attempt to authenticate to their servers. In the office this is not an issue since we can assign them a static IP and then do NAT based on that IP address. However, they need these users be able to VPN in and use the ...

jmahoney by L1 Bithead
  • 4379 Views
  • 2 replies
  • 0 Likes

How to block upload dropbox with upstream proxy

Hi to all,I have to implement a block dropbox upload.The architecture that I have to provide the user network, the internal firewall Palo Alto, an external proxy, an external firewall, Internet.I configured the various points to implement the block and everything works if the client directly without going through the proxy, on the contrary inste...

SOCMAECI by L0 Member
  • 2299 Views
  • 1 replies
  • 0 Likes

PanOS 4.1 - GlobalProtect portal client configuration failed

I am having a problem with my GlobalConnect configuration. Everything works fine when I have it set to On Demand. However, I have a set of users I want to effectively have the VPN always on, so for them I've created a second configuration but when a user in this group connects I get the following error in my System Log:GlobalProtect portal cli...

kkolk by L0 Member
  • 4664 Views
  • 3 replies
  • 1 Likes
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels