General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Monitoring PA4020 with Cacti

Hi,Has anyone managed to set up Cacti to manage the system resources, Mem, CPU, Sessions, Connections and so on?I have tried the Netcreen tips as per https://live.paloaltonetworks.com/message/2968#2968But this didnt help...Any other tips?Or can anyone suggest a monitoring tool thats better than Cacti?Richard

onesj by Not applicable
  • 4626 Views
  • 2 replies
  • 0 Likes

AIM-MAIL dependency

After a recent APP-ID update, AIM-MAIL is sqwauking about not having imap, smtp and pop3 dependencies enabled. Users still get access to their webmail, but I'd like not to continue getting the below warnings. Ideally, I'd like PA to re-address this APPs dependencies. Anyone else dealing/dealt with this?- <response status="success">- <r...

AD/LDAP admin authentication in 4.1

Hi all,does anybody have an exmple of howto authenticate a user based on it's group membership against active directory?We have 3 kind of groups in AD which should represent the access level.Could someone please post a small summary how to achieve this.I tried alreday to setup LDAP Server Profile and the Authentication Profile but in the authent...

muellerm by Not applicable
  • 7074 Views
  • 7 replies
  • 0 Likes

Object Reports or comapre groups option

Is there a way to print the details of a URL filter group or an Application Filter group? How about the ability to comapre 2 URL filtering groups or 2 Application groups?We have 8 different URL filtering groups and 8 different Application filtering groups.For example, recently I was asked "What URL filtering categories are blocked in the "All Te...

Captive Portal for AD Users

Hello, I'm seeing an issue currently where a handful of my hundreds of AD users are being directed to the CP landing page despite their workstations being on our domain, and with valid AD user accounts. They are all on Macs and have the same configuration as every other mac. If I check our DCs for the user security log entries I can see the nece...

Conde01 by L1 Bithead
  • 4745 Views
  • 5 replies
  • 0 Likes

PA-500 throughputs?

I realize that is a difficult question to answer. What kind of maximum throughputs are people seeing with their PA-500s?For example: I monitor our firewall (not a PA) using PRTG via SNMP and see a fairly constant 20 Mbps with some 30-45 minute spikes up to 35 Mbps. Nights I see 30+ constantly (we are a boarding school and their is a lot of str...

XML Interface to PAN Agent

HiWe are having a lot of issues with using the PAN Agent scraping the wrong user / ip information from our AD logs as we also have a mixture of local user logins and remote desktop RDP connections which change the user's login / ip address association which I'm sure you are all aware of.I'm aware that the UID Agent that is used for E-Directory L...

ERIKS by L1 Bithead
  • 3928 Views
  • 2 replies
  • 0 Likes

Skybox unable to add Palo device due to (Host without primary interface) error

Have this error appearing only on Palo's with multiple Vsys. Devices without singular Vsys will import in to Skybox without any issue.Anyone using Skybox and seeing similar or know if there is a particular configuration point on the Vsys we may have missed ? We are in the process of deploying the Palo's in to a live environment so are quite ne...

gawainuk by Not applicable
  • 4092 Views
  • 2 replies
  • 0 Likes

Resolved! Schedules object

Hi,I have a question about the schedules object which is used in security policy.Is there any notification can remind the firewall administrator to cleanup the policy after the schedule object expiration?Thanks,Richard

Cannot get DMZ access to work

I have a PA 500, running 4.0.5 and I have two zones that are 'special' : PCI and DMZ. Both are setup identically but only one works. Here is how it is:Zones: Rest1 (Tunnel.1), DMZ (1/8), External (1/1, 1/7), Internal (1/1, tunnel, Tunnel.2), PCI (1/6) and WiFi (1/4). Both Trust and Untrust show up but only as Virtual-Wire, no zones or VS.VR1: Ha...

u7483 by Not applicable
  • 8529 Views
  • 7 replies
  • 0 Likes

Panorama Out Of Sync

I just installed Panorama to my existing deployment, the firewalls are connected to Panorama, but the shared policy is out of sync. How do I get Panorama to house the current configuration on the firewalls? Currently with no configuration on the Panorama, I assume pushing commit will wipe my firewalls, that is obviously not feasible.Thanks,Craig

PBF Monitor with tunnel Interface

Hi,I want to use PBF with IPSEC tunnel to handle failover.I have 2 tunnels with the same proxy id, so I need to route a network between one tunnel, and if this tunnel is down I need to automatically route to the second tunnel.But how to use monitoring in the PBF rule with a tunnel interface?I think I have to configure a IP on the tunnel interfac...

martin by L0 Member
  • 3216 Views
  • 1 replies
  • 0 Likes

Global Protect Licensing for Differing PA Models in a Network

There are specific, per device type, Global Protect licensing SKUs. If a customer/enterprise has multiple PAN device types on their network, is it necessary that each has it's own specific corresponding SKU type applied to it, or are they in fact interchangable? -Thanks

Chrisoph by Not applicable
  • 2533 Views
  • 2 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels