This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4139 Views
  • 0 replies
  • 0 Likes

Authentication profile + Kerberos + group restrictions - should work?

Running 4.0.5 here.I setup SSL VPN a while ago, and setup an authentication profile to pull from our Active Directory via Kerberos. I have an AD group and I only want the members of that group (or members of groups that are children of that master group) to have VPN access.I only add that single group to the allow list, and nothing else.For som...

bradenmcg by L3 Networker
  • 3961 Views
  • 3 replies
  • 0 Likes

How to route internet traffic through a tunnel interface

What's the best way to route all internet traffic (except IPSec VPN tunnels) through a IPSec VPN tunnel interface?We want to have a single point where all internet traffic passes through and uses the same policies for web and applications.

helge by Not applicable
  • 6522 Views
  • 5 replies
  • 0 Likes

Resolved! Panos 4.1 and new pan agent

Hİ i tried panos 4.1 and new agent(4.1-0-43) with active directory domain (but a way agent successfuly connect to active directory domain and showing active directory users)...i have trouble panos 4.1 when pa box try to connect pan agent i see below message on the pa box and connection unsuccessful but when i use the pan agent 3.1.2 with panos 4...

lildeniz by L3 Networker
  • 3583 Views
  • 4 replies
  • 0 Likes

Resolved! Round Robin NAT?

Hello,I'm running PANOS 4.0.11 and I'd like to be able to set NAT to round robin between 2 servers in the DMZ. We would have a single public IP round robin NAT'd to two internal IPs. Is this possible on 4.0? How would I accomplish this?Thanks,Ian

iguarino by L0 Member
  • 4074 Views
  • 3 replies
  • 0 Likes

syslog from PAM OS 3.1 to 4.1

Hi,I migrated our PAN FW from 3.1 to 4.1 and there is some more fields on TRAFFIC and THREAT syslog format.With 3.1, using syslog-ng, I got:Sep 27 00:00:35 giacometti-2 00: 00:35,0003C100873,TRAFFIC,end, etc ...Since by defualt in 4.1 there is more field than with 3.1 I'd like to customize the syslog format in a way that have the sames format as...

Resolved! Software Upgrade Question

When upgrading from PanOS 4.1.6 to 4.1.7, will the device fail over without issue as it installs the new software or will I have to schedule an outage? Thanks in advance.-Matt

mcw015 by Not applicable
  • 4937 Views
  • 5 replies
  • 0 Likes

incomplete

Hello,I need urgent help. I dont know why but from one moment during the day is one website unreachable from our internal network(only this website). There was no change in configuration PA500, no changes in web server configuration. From outside of company is website reachable without problem. What I see in log is for this session application:i...

oitspa by L2 Linker
  • 9953 Views
  • 15 replies
  • 0 Likes

Resolved! Commit not showing who did it in system log

Dears,I have a serious issue, yesterday the internet became down suddenly, when i check the firewall, i find out their is big changes happened on the firewall without us knowing, no one have change anything, when i went to the system log to see the commit for which admin, i find the commit is showing without the user?it should show in this way: ...

yousef by Not applicable
  • 6474 Views
  • 6 replies
  • 0 Likes

Resolved! IPSEC VPN implementations

Hi this is one the sample output that i captured when i established a VPN tunnel between 2 PA firewalls.As far as my knowledge goes Ike SA's are bi directional and IPSEC SA's are uni directional correct me if i am wrong.But here i see 2 SA's in Phase 1 , but all i establised was only 1 VPN tunnel .Can some throw some light on this please . Thank...

srikanth by Not applicable
  • 4258 Views
  • 4 replies
  • 0 Likes

Resolved! Re: Upgrade Process Using Panorama

Hi do we need to activate the devices first time from Panorama is that mandatory? I already activated the devices and now when i try to add auth codes for rest of the devices its not happening and throwing error saying auth code already used.Can some one help? Thanks,Srikanth

srikanth by Not applicable
  • 6922 Views
  • 11 replies
  • 0 Likes

stunnel download triggering Virus/Win32.WGeneric.bpzq alert

Has anyone using a Palo had need to download stunnel and, if so, did it trigger a Virus alert for Virus/Win32.WGeneric.bpzq?Would like to confirm that the download has not been compromised before I bypass this alert - and I'm assuming it's not just been marked as 'grey-ware' as I would have expected a more definitive alert based on the applicati...

apackard by L4 Transporter
  • 2094 Views
  • 1 replies
  • 0 Likes

blocking traffic with User-Agent header, ie Mobile

We have a need to block mobile devices from getting to a particular host with active-sync, imap or pop3. From what I have read looking for and blocking traffic based on User-Agent is possible. Anyone ever do this with the PA ?Thanks,Justin

jhickey by L3 Networker
  • 2779 Views
  • 1 replies
  • 0 Likes

Resolved! UIA 4.1 - Monitor multiple domains

Hi,Simple question, resulting from mixed messages I've received:When using UIA 4.1 is it or is it not possible to monitor user/ip mappings for multiple domains (with trust between them) using a single User-ID agent?Thanks.

sdw by L1 Bithead
  • 2559 Views
  • 1 replies
  • 0 Likes

Firemon

Hi all, I have just installed a firemon appliance and have added the palo alto firewalls.they all seem to be pulling the configs but I see no change in the Audit log.Also the Log Status is red on all of them (In Firemon)Has anyone got this working?I know they are an official PAN partner but I dont see any feature lists anywhere.....Thanks in adv...

Resolved! User Agent

Installed the user agent on a windows 2003 server. every time you try to start the service you get the windows box stating the service was started, but then stopped.

snormoyle by Not applicable
  • 3721 Views
  • 4 replies
  • 0 Likes
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks