General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Connecting a videoconference to PAN without using NAT

Hello All,I have this small question here that I hope can find answers or suggestions.Currently we have a videoconference unit that was connected to the internet via NATting in the PAN ? I am wondering if there is a way to make it non-nat by connecting it to one of the available free interface and make it appear as a internet facing unit. Any su...

mmxong by Not applicable
  • 2143 Views
  • 1 replies
  • 0 Likes

application vs url categories dependencies

I want to allow access to Twitter, but block all other social-networking services.The obvious approach is to allow the Twitter application and then have a rule blocking the social-networking category for web-browsing and ssl, but this doesn't work, Twitter gets blocked also. In order to allow Twitter to work I have to add twitter.com and *.twit...

Resolved! How to handle jdownloader?

Hi guys,I was wondering what the best way to handle jdownloader or other download managers? Are they treated as seperate apps? Is the only way to deal with this via QoS policies? I'd love to hear about your experiences.Alex

Abs by L3 Networker
  • 9984 Views
  • 12 replies
  • 0 Likes

Resolved! execute command on other device

Hi, Live Community,Can you please tell me whether or not it is possible to execute a command on the other device in PAN-OS, and see the output (without logging into the other device, for example)?Thank-you so much,Dan Sullivan

dsulli99 by Not applicable
  • 2570 Views
  • 1 replies
  • 0 Likes

Google Docs Phishing Issues

So I dont know if its just us but we are getting hammered with phishing requests to google docs web sites. The latest is:https://docs.google.com/a/smps.k12.ok.us/spreadsheet/viewform?formkey=dGdKTFpTcW5KVVF1UGxJTFJ0aF9UdHc6MQMy URL Filter wont block this because it is SSL. It can read the cert which points to *.google.com but not the specific UR...

jhickey by L3 Networker
  • 5152 Views
  • 6 replies
  • 0 Likes

PA 5050 Shadow Rule Error

Hi all, I am configuring PA 5050 and populationg the security policy rule base. While i am making ule bases , and during commit , i am geting the error message that the Rule3 (suppose rule 3 ) is shadowning Rule 4 in the sequence. I am getting this error repetidly while I am making policies, although there is no resemblence in any filed in Rule ...

itsecll by L1 Bithead
  • 7147 Views
  • 4 replies
  • 0 Likes

Resolved! How HA active/passive 2000 series works

Hi Guys ,I have a dubt about HA Active/passive How it`s works ? i need to have a float IP ?OR my 2 appliances need to have the same configuration ?I see some docs , but i don`t understand how HA works.So if somebody can help me I`m using 4.1.3 PAN-OS.Best Regards.Thiago Lima.

Thiago by L3 Networker
  • 7751 Views
  • 12 replies
  • 0 Likes

User ID agent / User-IP-Mapping issue

Hello,I have simple request: created access rule based by group.(and this part looks clear and working to me). Problem that i can make User-IP mapping to work correctly. With desktops i do not see any issues because their users do not change mostly at all. Major problem is with laptops. Users migrates between meeting rooms, use wifi and comes ba...

rimbalt by L1 Bithead
  • 3134 Views
  • 3 replies
  • 0 Likes

PA-2050 commit frustration

Hello,We have 2x PA-2050 devices in HA running 3.1.10 and I'm frustrating about commit time, it takes like 5-10 min.Can I expect significant improvement, commit time speaking, with upgrade to 4.1.5 ?Field experiences in commit time with 4.1.5 ?Or should I think about PA-4000 platform ?

Resolved! Delay in SSH prompt

Hi, All,I have a hopefully quick question regarding my Palo Alto 5050 firewall pair; whenever I go to log in via SSH, I get a delay of approximately 5-10 seconds before I am actually prompted for a password. Is this normal? This is more of a nuisance than anything causing a problem, however it is begining to bother me because I am logging into...

dsulli99 by Not applicable
  • 5825 Views
  • 4 replies
  • 0 Likes

Monitor throughput of dataplane using snmp

Hi allis there a way to monitor the throughput of the dataplane? I would like to turn on threat protection on my Palo's but I need to be able to log the throughput so I can see the effect it has. I am monitoring the Dataplane CPU but would like to also monitor the traffic.Any help possible would be grand.ThanksJoe Thurwood

BBHLTD by Not applicable
  • 5516 Views
  • 2 replies
  • 0 Likes

Block a particular Google Document

Greetings,One of my users forwarded me a phishing email that points to Google Docs to collect information (username/password). The URL looks like: "https://docs.google.com/a/b/c/viewform?formkey=asdfasdfasdfasdf" (not the real url). Is there a way to block one google doc in PANOS?Thanks,Dave M

dmarion by L1 Bithead
  • 3395 Views
  • 3 replies
  • 0 Likes

QoS Markings

I have a couple pa-500's. I have a voip system that right now sits in front of the FW. I would like to put it behind the FW. If I have my switches and routers currently marking the voip traffic with an ip precedence of 5. Once I move the VOIP systme behind FW will the marking be acknowledge by the PA's? Is it as simple as creating a QoS policy a...

jsanchez by Not applicable
  • 3049 Views
  • 3 replies
  • 0 Likes

question about packet dump about incomplete, insufficient-data and insufficient-data

Hi...I’d like to a packet dump about incomplete, not-applicable, insufficient-data.I tried to set a packet dump command like below. Set application dump on application incompleteSet application dump on application not-applicable.Set application dump on application insufficient-data.But, I can’t see any packet capture related to these application...

willstech by L3 Networker
  • 4275 Views
  • 4 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels