General Topics

Monitoring PA4020 with Cacti

Hi,

Has anyone managed to set up Cacti to manage the system resources, Mem, CPU, Sessions, Connections and so on?

I have tried the Netcreen tips as per https://live.paloaltonetworks.com/message/2968#2968

But this didnt help...

Any other tips?

Or can anyon

AIM-MAIL dependency

AD/LDAP admin authentication in 4.1

Hi all,

does anybody have an exmple of howto authenticate a user based on it's group membership against active directory?

We have 3 kind of groups in AD which should represent the access level.

Could someone please post a small summary how to achieve th

Object Reports or comapre groups option

Is there a way to print the details of a URL filter group or an Application Filter group? How about the ability to comapre 2 URL filtering groups or 2 Application groups?

We have 8 different URL filtering groups and 8 different Application filtering g

Captive Portal for AD Users

Hello,

I'm seeing an issue currently where a handful of my hundreds of AD users are being directed to the CP landing page despite their workstations being on our domain, and with valid AD user accounts. They are all on Macs and have the same configur

PA-500 throughputs?

I realize that is a difficult question to answer.  What kind of maximum throughputs are people seeing with their PA-500s?

For example: I monitor our firewall (not a PA) using PRTG via SNMP and see a fairly constant 20 Mbps with some 30-45 minute spike

XML Interface to PAN Agent

Hi

We are having a lot of issues with using the PAN Agent scraping the wrong user / ip information from our AD logs as we also have a mixture of local user logins and remote desktop RDP connections which change the user's login / ip address associatio

Skybox unable to add Palo device due to (Host without primary interface) error

Have this error appearing only on Palo's with multiple Vsys.   Devices without singular Vsys will import in to Skybox without any issue.

Anyone using Skybox and seeing similar or know if there is a particular configuration point on the Vsys we may hav

Automatic redirect logon page after idea timeout was exceeded on captive portal.

Hi all,

    After idea timeout was excceded(60 mins), our clients didn't know untill they open new browser session. How to configure PAN to support automatic redirect logon page on the same browser session.

Thank you

Chong

Cannot get DMZ access to work

I have a PA 500, running 4.0.5 and I have two zones that are 'special' : PCI and DMZ. Both are setup identically but only one works. Here is how it is:

Zones: Rest1 (Tunnel.1), DMZ (1/8), External (1/1, 1/7), Internal (1/1, tunnel, Tunnel.2), PCI (1/6

Panorama Out Of Sync

I just installed Panorama to my existing deployment, the firewalls are connected to Panorama, but the shared policy is out of sync. How do I get Panorama to house the current configuration on the firewalls? Currently with no configuration on the Pano

PBF Monitor with tunnel Interface

Hi,

I want to use PBF with IPSEC tunnel to handle failover.

I have 2 tunnels with the same proxy id, so I need to route a network between one tunnel, and if this tunnel is down I need to automatically route to the second tunnel.

But how to use monitorin

Global Protect Licensing for Differing PA Models in a Network

There are specific, per device type, Global Protect licensing SKUs. If a customer/enterprise has multiple PAN device types on their network, is it necessary that each has it's own specific corresponding SKU type applied to it, or are they in fact int

Can the defualt ssh port be change on a PA-500?

Does anyone know if you can change the port the PA-500 listens for SSH request on from the default 22 to another port?