General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 218 Views
  • 0 replies
  • 0 Likes

VPN WITH PIX AND FQDN

hello,

I try to migrate a vpn between pix and palo-alto

when I try to generate traffic I can see the following error :

IKE phase-1 negotiation is failed. When pre-shared key is used, peer-ID must be type IP address. Received type FQDN

I understand that m

...

alle by L3 Networker
  • 3618 Views
  • 5 replies
  • 0 Likes

Resolved! policy based forwarding to proxy

We use ntlm (CP) to authenticate our users against the PA.

We want any http traffic forwarded to a proxy. The proxy would have http access to the internet through the PA. I was thinking of using a policy based forwarding rule to forward service-http t

...

dieter_b by L4 Transporter
  • 6426 Views
  • 4 replies
  • 0 Likes

Skype only zone configuration...

Hi!

I am trying to setup a zone with Skype only configuration with the following "Application Group":

  • skype
  • skype-probe
  • web-browsing

The end result is that Skype voice works fine; however, Add Contacts feature in Skype doesn't work.

I am testing with the 5

...

gebis_it by Not applicable
  • 3153 Views
  • 4 replies
  • 0 Likes

File Uploads to Wildfire

I have seen another thread on this issue in the KnowledgePoint database; however, there was no resolution or answer to the question.  I have setup the Wildfire configuration on all of my PA500's per the documentation provided.  When matching the fil

...

Steven by L1 Bithead
  • 3610 Views
  • 4 replies
  • 0 Likes

Resolved! show config running xpath syntax

Hello,

I try to figure out the correct sytax for the xpath option of the show config running CLI-command (running PAN-OS 3.0.6).

? says:

+ xpath    xpath of the node to retrieve

but every way I tried to describe the node I want gives me a "Invalid syntax

...

PAkeeper by L0 Member
  • 9044 Views
  • 5 replies
  • 0 Likes

Bittorent session identification

On PA-500 with PAN-OS 4.0.7, I have seen a session on dashboard-top application-last hour, but in corresponding ACC and in Monitor Traffic Log I don't find a record session. There is any reason ? Thanks

lauro7 by L0 Member
  • 3276 Views
  • 5 replies
  • 0 Likes

After migration from Checkpoint, any tips?

All,

We recently migrated from Checkpoint to PANOS (via the conversion tool) and so far things are looking pretty good. The next step of our project is to convert port based rules to app type rules and I wanted to get some feedback, tips, etc from oth

...

steveo by L3 Networker
  • 4418 Views
  • 4 replies
  • 0 Likes

Service Objects and multiple ports

I have the need to create a rule with three applications, ncp, ms-update and ssl.  Two of those applications use their standard ports - ncp (524) and ms-update (80 & 443).  The ssl application uses port 13000 - not the standard 443.

  1. If I create a sing
...

UID Agent Not Recognizing Docked Laptops

Last week we depolyed a PA500 for the first time and are seeing an issue with certain computers.  The issue is affecting some users who have laptops and are using them on a docking station.  When they are docked the computer essentially has two NICs

...

polgarm by Not applicable
  • 3169 Views
  • 2 replies
  • 0 Likes

Resolved! Cannot import certificates

Hello

I know the instruction how to convert the SubCA certificate from an MS CA

the pem files are OK

but I can't import them into the PA, with 4.1.4

Te PA starts Uploadding but nothing happens

The WebGUI keep showing the upload process for over 5 min

The s

...

Increased Data Plane CPU Utilization in 4.1.4?

We recently upgraded our PA-4020s from 4.0.9 to 4.1.4 a few weeks ago.  However, since the upgrade, we have noticed a 20-25% increase in our data plane CPU.  We usually averaged around 40% during business hours, but lately it has increased to 60-65%.

...

sham by Not applicable
  • 2311 Views
  • 3 replies
  • 0 Likes

CLI command for LDAP status in 4.1.4

Hi,

I am trying to setup a server profile for LDAP in PAN OS 4.1.4

Unfortunatelly I only see some groups of users but not the individual users themself.

Running the command "show users ldap-server" is not available in 4.1.4.

Attached is a screenshot of t

...

cschmi by Not applicable
  • 10754 Views
  • 16 replies
  • 0 Likes

Resolved! Is there a way to copy partial configs?

If I had a cisco, I could copy/paste partial configs between devices, is there away to do this with the PA?

I have some tunnels that need to get built across several firewalls, but I dont want to go to each one.

erantanen by Not applicable
  • 2729 Views
  • 2 replies
  • 0 Likes
  • 23780 Posts
  • 111 Subscriptions
Top Solution Authors
Labels