General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Any way to Manually Sync LDAP Group Mapping?

Is there any way to manually sync the LDAP Group Mapping/User Identification in Palo Alto? We have the sync interval set to 4 hours, but there are times where would would like to sync manually.

jambulo by L4 Transporter
  • 54146 Views
  • 1 replies
  • 2 Likes

Cannot create rules based on users

Hi, I've installed a new PA-500 device. I've also installed the UID-Agent and it's communicating with the Palo Alto because:"show user ip-user-mapping" return results with many userson monitor tab I have the users displayedon acc tab i also statistics with usersBut when i want to create rules and add a user it doesn't show any user available.

licenselu by L4 Transporter
  • 4179 Views
  • 6 replies
  • 0 Likes

Resolved! How to detect DNS TXT messages

is it possible to detect and furthermore block DNS TXT messages via a Threat Signature? The goal is to disable DNS Queries regarding TXT resource records.Not sure if the context dns-req-section does the job...Did anyone ever try this?Thanks!Stefan

Virtual Routers

We recently switched ISPs and they assigned as a 32 address block that sits behind 1 address. i.e 71.100.100.192/27 block behind 71.100.100.50/30. We are now connected to the ISP with the PAN addressed as 71.100.100.50/30 with a default route destination of 71.100.100.49. That router knows of the IP block we have. Our mail server'sv outside dns ...

Resolved! Difference between gtalk and google-talk?

In todays content update one can read:"Modified Decoders (6) Name gtalk-p2p ipsec-esp-udp jabber ssl google-talk oracle "How come gtalk-p2p isnt named google-talk-p2p or is gtalk something else?Yeah I know this is a decoder which is not browsable (and therefor not found in Application Research Center ) b...

mikand by L6 Presenter
  • 2729 Views
  • 1 replies
  • 0 Likes

Resolved! PCI and WSUS

I need to create rules for a PCI firewall for a WSUS server. Microsoft does not publish IP's for their update points so this is problematic on a PCI firewall (or it seems to me). I can either:1) create a rule which allows the server out to "any" using port 80 and 4432) use url filtering (I'm new to the box and it seems this opens the network to ...

Gerry_RH by L0 Member
  • 5348 Views
  • 4 replies
  • 0 Likes

Resolved! Captive Portal Certain AD-Users

I have a unique situation. Currently, I have a 10,000 + user based network and implemented Captive Portal Policy. We have certain AD accounts that auto login with certain machines. We want to always captive portal those certain logins. So I am wanting to ignore the AD authentication for those forcing them to be CPed. Any ideas on the best wa...

netslh by Not applicable
  • 2498 Views
  • 1 replies
  • 0 Likes

Resolved! help to configure a DMZ and NAT

hi,i need a little help to configure a DMZ. here is our situation:interfacesethernet1/1 - 1.1.1.1 (public - NAT clients)ethernet1/1.1 - 1.1.1.2 (public - NAT DMZ)ethernet1/1.2 - 1.1.1.3 (public)..ethernet1/6 - 10.10.30.1 (DMZ).ethernet1/8 - 10.10.20.1 (clients)routingdefault route 0.0.0.0 -> 1.1.1.1 (works!)NATclientOut dynamic-ip-and-port et...

assona by L0 Member
  • 4259 Views
  • 2 replies
  • 0 Likes

Resolved! Aggregate Ethernet interface: LACP and PaGP support

Hello, Everybody,we would like to aggregate ethernet interfaces of our PA-5050 (4.1.7 PANOS) in order to have a redundant physical connection towards our Cisco Catalyst switches.Sound like LACP is not working with PAN and we had to set PaGP, which, on the other hand, cannot be configured to aggregate interfaces of different Catalyst switches, ev...

Bucche by L2 Linker
  • 12767 Views
  • 7 replies
  • 2 Likes

Resolved! Untagged sub-interface doesn't support in OSPF on v4.1.6.

Hello,Cause untagged sub-interface does not support in OSPF routing from v4.1.5. If I have that configuration usage in firmware before v4.1.5 (v4.1.1). What is the right way to configure OSPF area interface, if I want to keep IP address(subnet) of that sub-interface to be re-distributed in OSPF routing table?Now, I use Loopback sub-inteface inst...

Resolved! URL/Application Blocking

Hi Guys,Just wanna ask a few question. I was testing out the URL and Application Blocking. I was trying to block the facebook-chat, facebook-posting, etc.to cut the story, I want to block the applications inside facebook but not the whole website. sadly, it doesn't work.I can still chat post etc..so if you guys have something to say please let m...

HA email alert

hello guys,does email configuration on pan allow you to receive email alert when primary or secondary pan ( in HA-mode ) when the primary firewall goes down? or when any of them stop responding ?regards,bp

Nike Plus

I have a Palo Alto 2050, software version 4.1.6I have a user behind my Palo who can't log on to his Nike+ account. When he attempts to log on he gets redirected back to the sign on page continually. We've tested this outside the firewall and he has no problem. Anyone else seen this problemThank you,David Scott

Decryption

Does the PAN still inspect secured traffic for all threats if it's not decrypting it?

jorge by Not applicable
  • 5049 Views
  • 7 replies
  • 0 Likes
  • 24400 Posts
  • 123 Subscriptions
Top Solution Authors
Labels