General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 194 Views
  • 0 replies
  • 0 Likes

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 876 Views
  • 0 replies
  • 0 Likes

check to check "deny" packages

Hi

I have some rules that will allow IPSEC between two Windows Domain Controllers, but it only works when I allow "any" underapplication - unless I ping from both ends.

So how can I see what port I am missing in my custom application group?

Thanks

FlexyZ by L3 Networker
  • 1618 Views
  • 1 replies
  • 0 Likes

User-id is it possible to check computers?

Hello,

One of our clients want to know if it is possible to build policies based on computer membership to AD groups.

In this situation we want to differentiate between computers that belongs to AD and which do not in purpose of VPN connections, so tha

...

Terminal Services User-ID Agent Flaw

A new customer during deployment was wanting to test how well the TS User ID agent was working at identifying users. We logged on as User A and started a specific ping. We search the log file, and there was the ping. We had it running continuous for

...

dpayne by L1 Bithead
  • 3475 Views
  • 4 replies
  • 0 Likes

Anti-spoofing Question

I'm trying to compare checkpoint interface topology configuration to panos. Is there a setting in panos where you can define what networks are behind an interface?

probin02 by Not applicable
  • 6208 Views
  • 5 replies
  • 0 Likes

Blocking by AppID don't work as expected

Hi

To block a webpage like Facebook, I have the follow two possibilities.

1) Block it by the Url Filter

2) Block it by the AppID

Since the URL Filter just looks at the URL and no other content. Access to Facebook will only be blocked if I try to access i

...

User_333 by L2 Linker
  • 2446 Views
  • 2 replies
  • 0 Likes

Resolved! Custom URL wildcard

Hi all,

I have a question relating to wildcards in a Custom URL Category on PA-500 - 4.1.0

I have the following entry in my custom URL category

     *.centos.org

and I'm finding that I'm getting a match with the following URL (and many others)

     mirror

...

DavePalo by L4 Transporter
  • 5920 Views
  • 9 replies
  • 1 Likes

Trouble after upgrading to 4.1

I was currently running 4.0.5 on panorama and HA active passive 2050 cluster.

The upgrade ran rather smoothly.

has something changed for service declaration in 4.1?

I define my addresses and custom services on the panorama which I sync to the HA cluster

...

Virtual balancing and PBF

Hi all,

My client need to do Load Balancing in his wan interfaces, I did the next config, in PBF I put four policies, one for the two Internet segments asigned to the first and more faster output (TRUST to (1.0.0.1-126.255.255.254) & (128.0.0.1-192.25

...

p_marquez by Not applicable
  • 1968 Views
  • 1 replies
  • 0 Likes

Resolved! URL Content filtering Question - Netflix

Ok, don't shoot the messenger but I was asked to see if I could unblock the queue management area for Netflix but still block the streaming media part of it...  We're using the URL filtering capabilities of the PA 2050 device and I have a policy defi

...

Emailing of CSV reports?

Currently my reports can only output in the default behavior offered - PDF's are sent automatically - however, some groups within the company that specifically manage risk want to add automation to the mitigation process - and doing that would be muc

...

jsilvia by Not applicable
  • 3601 Views
  • 1 replies
  • 0 Likes

DHCP server -> conflict IP

Hi

I have a DHCP server enabled on one of my interfaces, but clients have problem getting IPs back - after reboot of windows machines it normally works, but this normally not an issue with other DHCP servers.

Here is one message ->

An error occurred whi

...

FlexyZ by L3 Networker
  • 5343 Views
  • 4 replies
  • 0 Likes

Overlapping networks - NAT

Hi!

I have another problem - this time with overlapping networks. Here is a picture:

I'm the administrator of PA1. How can user from PC1 connect with PC2 ? I tried with destination and source nat on PA1 but i had to add routing to the destination trans

...

Resolved! App-ID block the whole category

Hi guys,

i have several distinct classes of users, and whole categories of apps need to be blocked for several of these classes. Is there a way to block a whole application category, similar to the way we can block whole categories using the URL filte

...

bkandola by L0 Member
  • 2291 Views
  • 1 replies
  • 0 Likes
  • 24011 Posts
  • 115 Subscriptions
Top Solution Authors
Top Liked Posts
Top Liked Authors
Labels