This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

One day in production with 4.1.3

Alright, this is basically a rant..I installed a PA-500 at a site this last weekend, replacing a Cisco ASA 5520. We are using this site as our test bed for the 4.1 codebase before rolling it out company-wide. To be honest, I'm in no hurry to move from 3.1, but we ran into a problem where 3.1.10 would not properly translate H.323 traffic throug...

nwallette by Not applicable
  • 8552 Views
  • 11 replies
  • 0 Likes

Allowing Mac mail client to send/receive

I have users/board members that come on campus and need to get mail through applications like the built in mail client on a Mac or from a FirstClass mail server. In this instance the ports they need to communicate with are 995 and 510 respectively. We have a rule allowing all outbound traffic but I can't seem to get configured correctly for them...

jpzynski by Not applicable
  • 2863 Views
  • 1 replies
  • 0 Likes

Applying security policies with security profile groups

Typically, are these applied on the inbound direction or outbound direction of an interface?And if you wanted to protect an entire zone/interface would you just apply it to any source and any destination?For example if you wanted to apply Antivirus to a interface dedicated to your Wifi access devices?Thanks

dkhoe by L1 Bithead
  • 2174 Views
  • 1 replies
  • 0 Likes

Resolved! What DROPS User -> IP Mappings

Hi,For no apparent reason my AD account is not generating reliable User->IP mappings via the UserID agent - after working fine for weeks.As part of my investigations into this I can see that my User->IP map is being generated, appearing on the UserID agent list and being listed on the Palo Alto itself; then it will just disappear from both...

apackard by L4 Transporter
  • 3750 Views
  • 2 replies
  • 0 Likes

Global Protect

Hi all,im tryng various option to disable the global protect client on my macbook.The vpn client works fine, but if i select the disable option with ticket, or with pass code, and try to disconnect from the client it's disconnect without challange or request password. I've also specified to doesn't display the advenced tab and i see the option i...

fcellini by Not applicable
  • 16831 Views
  • 16 replies
  • 0 Likes

WMI max allowed entries?

I've seeing the following error in our user id agent logs (3.1 agent).2012 03 21 11:13:33, Number of pending entries(4540) exceeds max. allowed(1000)Anyone know about this max limit? Can it be modified? Do failed polls just accumulate indefinetely? Will extending polling windows alleviate this or adding additional user id agents?1000 seems sort ...

jasbeck by Not applicable
  • 4458 Views
  • 2 replies
  • 0 Likes

Proper Reporting

Is there a white paper that goes into detail of what all can be done with reporting? I need to see a bandwidth to website ratio. Like facbook traffic accounted for 30% of bandwidth usage today. I would love to have some sort of a reference guide that has more detail and explains a bit more than the Admin Guide. Also can i view the PDF Summa...

u10723 by Not applicable
  • 2958 Views
  • 2 replies
  • 0 Likes

Resolved! Question of SSL VPN in HA active active.

Hello there. i have some questions regarding of SSL VPN in active active HA. 1. If I have configure Active-Active HA with PA500, is it possible to support 120 concurrent user at Active-Active HA? (limitation of SSL VPN concurrent user from PA500: 100 concurrent users.)2. If it is support 120 concurrent users is it possible to traffic load an...

willstech by L3 Networker
  • 3178 Views
  • 2 replies
  • 0 Likes

Destination: Public IP that NATs to DMZ private IP

Hi all,I'm trying to get a better understanding of how a specific request is completed. If an internal private IP, say 10.10.10.20 leaves the provate network behind an IP of 2.2.2.2 and heads to the Internet fine then tries to go to an IP which the firewall NATs, such as 2.2.2.3 to a DMZ IP of 10.10.50.20. What is the source for the packet?Does ...

UKRB by L3 Networker
  • 3496 Views
  • 2 replies
  • 0 Likes

Cutoff Reports

Our pdf reports are cutting off columns. The first column is cutoff down the middle and not real sure what else it is cutting off.

DHCP OPTION 161 (FTP)

Hi,Does anybody know a workaround for adding DHCP option 161 (ftp)? As far as i know this is not supported at this time, rendering DHCP for thin clients useless. I'm not that interested in using DHCP relaying.Palo Alto: Do you have an ETA on this option? You support captive portal etc on citrix, so should have this possibility.

johnd by L2 Linker
  • 3054 Views
  • 2 replies
  • 0 Likes

Authentication Sequence

I got two AD Domains.I did the two ldap and two kerberos configsIn the Authentication Sequence ch-dom ist the first one and the second is stebos. They are both kerberos profilesUsers in ch-dom can authenticate. User in stebos get immediatly a auth failer.LDAP is working on both AD, I can see users and groups.In Traffic Monitor I don't see kerber...

gsteiner by L3 Networker
  • 7859 Views
  • 11 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks