Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 157 Views
  • 0 replies
  • 0 Likes

Allowing the PAN to respond to tracert

I'm able to ping the interface and don't see any denies in the log, but when I traceroute through the PA-500 it does not respond.

The rest of the hops do respond, just not the PAN itself.

bjdraw by Not applicable
  • 7741 Views
  • 5 replies
  • 0 Likes

User ID Agent

Hello-  I am running PAN OS version 3.1.7.  I am running a User ID agent on an application server within the domain but I am not getting complete user ID information in my traffic/threat logs.  We have just upgraded to Windows 2008 R2 64 bit domain c

...

Resolved! User names not showing in logs, but do show when writing rules

I have a PA500 running version 4.0.5 and a PAN-agent running 3.1.2AD.

I see the pan-agent working and connected to the PA-500 when I run the "show user pan-agent statistics"  it says I have hundreds of users and all my groups and IP's in the output o

...

mnwvpn by Not applicable
  • 3391 Views
  • 2 replies
  • 0 Likes

User-ID users not timing out

I only have a few users currently as this is a new deployment however the very few users I have do not seem to time out.  I'm using the latest PAN agent on Win2008 R2.

I have users still mapped who haven't been in the office for over 2 weeks. I have m

...

msnazel by L0 Member
  • 2287 Views
  • 2 replies
  • 0 Likes

Application is Incomplete

In the monitor log, what does it mean when it shows Incomplete under the Application?

I am blocking incoming RDP and everything works fine (Action = Deny) as long as it sees it as MS-RDP or T.120 but I am seeing some traffic shown as Action = Allow on

...

rbrogdon by Not applicable
  • 7782 Views
  • 5 replies
  • 1 Likes

NAT Multiple external IP's to a single inside host

I'm trying to find documentation and/or any help to see if PAN firewalls are capable of NATing Two external IP's to a single host IP.

My scenario:

ISP1 204.23.123.123

                               ----------> Internal host 10.10.10.10

ISP2 79.23.123.123

...

Block doubleclick.net

Hello,

I would like to block   *.doubleclick.net    because I am suspecting that it is the source of few spyware infections in our corporate network. Has anyone blocked this category of websites in the past? Is there a side effect if I block them (e.g

...

Resolved! Panorama 4.0.5 Pushing Policy to 3.1.9

Confirmed with support that if Panorama is running 4.0.5 and a managed device is 3.1.9 policy will not Push to the remote device from Panorama.  The workaround would be to downgrade Panorama to 4.0.4 which requires reboot and reindexing or upgrade re

...

opiedrah by L0 Member
  • 2154 Views
  • 1 replies
  • 0 Likes

Resolved! SSL VPN and TLS support

The NetConnect user authentication page does not load completely when the client browser (IE 8, for example) has TLS 1.1 / 1.2 enabled.  Instead of the Name and Password prompt, you get a popup window with an empty white frame.

I read a couple recent

...

nwallette by Not applicable
  • 2402 Views
  • 1 replies
  • 0 Likes

Is PBR similar or better than WCCP?

We're planning on implementing WCCP to route http and some streaming traffic to our proxy, but looking at how PBR work it's very similar. Can someone please give me a good comparison between the 2?

thank you.

friento by L3 Networker
  • 4816 Views
  • 2 replies
  • 0 Likes

Current session/connection information by subnet

Hi

We're trying to isolate the source of some high session traffic in one of our regions. This is showing up in our exterior firewall connection count, and also on our PA device which is in line.

I can see the sessions by using the command line tools a

...

How is QoS applied

Hello,

can somebody explain how QoS is applied on traffic through the PA.

I know that I configure a QoS Profile, bind it to an interface and create a QoS policy,

and that all belongs to the egress traffic of an interface.

But what happens if I configure

...

indevis by L2 Linker
  • 3124 Views
  • 2 replies
  • 0 Likes

URL Filtering License Monitoring

I have a setup where I need to block traffic if our URL filtering license is not working as apposed to letting traffic go out with out the filtering.  I want to monitor this license expiration some how.  I don't want us to find out that our license h

...

How to configure different Access Route in a SSL VPN?

My question is that I need to configure different Access Route for different user's profiles.

For example:

Group users 1 Access Route only to 192.168.0.0/16

Group users 2 Access Route all packets, 0.0.0.0/0.

It is possible with PA?

Thanks,

Félix Sánchez


  • 23595 Posts
  • 107 Subscriptions
Top Liked Authors
Labels