This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

how to browse for adding specific AD group in LDAP authentication.

Hi..Customer would like to use SSL VPN with Active-Directory.So, I have configured SSL VPN with LDAP Authentication.There was no problem to connect SSL VPN with LDAP Authentication. after verify SSL VPN connection, I was going to add some specific group to LDAP authentication in Authentication profile.But I cannot browse Active-Directory group...

willstech by L3 Networker
  • 2464 Views
  • 1 replies
  • 0 Likes

Adding multiple IPs to external interface

I am interested in adding all of the IPs from a range like x.y.z.40/28 to the external interface of the PAN.The verbiage on the GUI makes it sound as if I need to add each IP individually.Can I add a range as listed above by entering it as x.y.z.40/28 and if so, can I then NAT inbound by individual IPs in the range by referencing the individual...

BobW by L4 Transporter
  • 3767 Views
  • 1 replies
  • 0 Likes

Resolved! URL logging without URL Filtering license

We are trying to log all URLs without having a URL Filtering licenseFor that we created a custom URL category containing*.**.*.*Seemed to work but when we compared the amount of log entries to the proxy logs we discovered that we only see less than half of the proxy URL logs in the PA URL log.Looking around we noticed that the option "Log Contai...

AndreasB by L2 Linker
  • 3688 Views
  • 1 replies
  • 0 Likes

CLI cmd to show system log

I'm trying to use the CLI to get a list of SSLVPN logins, but keep getting either "sytnax error at end of input" or "syntax error at AND" errors. what i've attempted so far is variation on:show log system subtype equal sslvpn object equal "Test SSL-VPN"I suspect it's something to do with the object name which has a space it in. I've tried single...

u11756 by Not applicable
  • 28059 Views
  • 1 replies
  • 0 Likes

ThreatLog forwarding doesnt work

Hi All,I have configured the PaloAlto to email me threatn logs for medium , high and critical alerts, but it seems to email me only medium threat alerts, how do i fix this 😞Please find attached my log forwarding profile.My email profile is configured fine, as i can receive system alert emails etc, but only with threat alerts, all i get is medi...

Combining NAT rules?

Whil my NAT rules are working fine I get the feeling I am missing something with net rules. I have an external ip which needs three ports forward to separate internal server: port 7000 goes to port 3389 on 192.168.1.1, port 7001 goes to port 389 on 192.168.1.2, port 7002 goes to 3389 on 192.168.1.3.I have these working with individual NAT rule...

BobW by L4 Transporter
  • 1920 Views
  • 1 replies
  • 0 Likes

Asymmetric routing

Does anyone else have a multi-site network with asymmetric routing? I'm having some issues getting from site to site.Here's what's going on:We have two datacenters -- one for the eastern US, the other for the western US. Each datacenter has a PA-2020. Our satellite offices use PA-500s, ASA 5505s, and ASA 5520s. There is an IPSec tunnel from ...

nwallette by Not applicable
  • 11069 Views
  • 5 replies
  • 0 Likes

PA500 Configuring a Static Routing Question?

Hello all.I have a fairly easy deployment - a set of PA500s with internal trusted and external trusted zones. On the inside, they are currently connected to a router hsrp pair and on the outside pointing to another brand FW. I have only a handful of networks inside, so I have static routes pointing to the inside/outside configured in the VR area...

dudesdad by Not applicable
  • 3173 Views
  • 2 replies
  • 0 Likes

Source NAT confusion

I am trying to provide for some 1-to-1 NAT on our PAN, which I thought we be an easy task. However, my configuration insist on using the interface IP address for outbound connections. Here is my setup.Untrusted Network Interface IP: x.x.x.10/29Trusted Network Interface IP: y.y.y.4/16Mail Server Public IP: x.x.x.12/32Mail Server Private IP: y.y...

cdpadmin by Not applicable
  • 4592 Views
  • 5 replies
  • 0 Likes

PA-5020 4.1.5 issue

Hello,Anyone else experienced any issues when upgrading to version 4.1.5?We have done one upgrade to 4.1.5 and the PA-5020 just goes into a reboot cycle.After doing the initial commit the firewall reboots and the cycle repeats.Doing a factory reset from maintenance did not help.But we tried one more thing.Since this PA-5020 does have an redundan...

How do I allow udp port 33001?

Hello All,I have encountered an issue where a downloaded client installed on Internet Explorer called Aspera client for downloading video content experienced an error.It states to check the UDP port and firewall based on code 15.Since this is application based (HTTP), where is the most effective place to allow and create the rule for the client ...

User-ID Agent AD Group Limitation?

All,Digging around in the various docs I've found I can't seem to find an answer to this question so I'll ask here..I'm curious if there is a limit on the number of AD groups per user that the Agent can handle? I'm worried we might run into some limitation cause our group situation is really out of control with no fix in sight..Thanks!-Steve

steveo by L3 Networker
  • 4196 Views
  • 3 replies
  • 0 Likes
  • 24379 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks