General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

problem of application dependency for security rule

Hi all.I have a question of application dependency when define a security rule with application. I’d like to add a security rule for a webex, and webex must requires SSL due to application dependency. so I add both of applications webex and SSL in a same security rule for allow to webex. After added a rule, I can access SSL webex. But other SSL...

willstech by L3 Networker
  • 4978 Views
  • 6 replies
  • 0 Likes

Can a Captive Portal Page be Triggered by a Value in the User Agent String?

Hello, I am working on setting up URL Filtering on a PAN-5020 as part of converting away from a Proxy. One of our requirements is to authenticate the user on generic login workstations by providing their credentials when they attempt to view a website that is external to us. I would like to force a Captive Portal Page to be displayed wh...

Art by L3 Networker
  • 5636 Views
  • 8 replies
  • 0 Likes

Global protect excluded networks

Hi all,there is a method on global protect to send all my traffic into the tunnel, but exclude the subnet range of the customer to remain connected with the office network and browse the web protected from office infrastructure, but with the possibility to work on all customer network and not only on the same lan?Thanks.

fcellini by Not applicable
  • 3229 Views
  • 3 replies
  • 0 Likes

IPSec VPN (non site to site)

Is there any document that shows how to configure IPSec VPN (or any vpn rather than SSL) on the PAN? I am not looking for site to site. I only found site to site configuration. The solution will be for clients who can vpn in remotely from everywhere. I'd like to offer this as a second vpn solution after ssl vpn which sometimes give a few iss...

Source Address/Source User

When both a source address and a source user are specified, is the rule matchsource address AND source user?source address OR source user?My guess is #1, but I can't find documentation to back that up.Thanks,Bart

user group mapping

Using PanOS 4.1.2 on 5020listing group mapping:show user group name "<DOMAIN>\<GROUP NAME>"we get something like this[1 ] <DOMAIN>\<name>.<surname>....though in "user id identification->group mapping settings" under "user objects"we discretely choose"Object Class: person""User Name: sAMAccountName"and browsin...

mpaskevic by Not applicable
  • 4469 Views
  • 1 replies
  • 0 Likes

Captive Portal not working in V-Wire mode on version 4.1.2

Hi Guys,Scenario: Palo Alto installed in Virtual Wire mode between HP 5412 L3 switch and Threat Management Gateway (TMG) simliar to ISA which is also a Proxy Server with port 8081. Traffic passes through Palo Alto for content filtering and works fine (10.0.0.0/8). Captive Portal was configured for wireless users on 172.16.0.0/16 network with ...

Intercept DNS requests

Hi all,I've read in an article that it's possible to intercept DNS requests with DNS proxy without setting PA IP address as the computer DNS Server.Following this article, I've enabled DNS proxy in a PA interface (inside), redirecting DNS request to a public DNS server; I've set up a DNS proxy rule to try to intercept the requests (for example, ...

SYSTEM ALERT : high : SSL connect error

Have any body got such error message as below:domain: 1receive_time: 2012/02/13 19:10:00serial: 0002C123456seqno: 0actionflags: 0x0type: SYSTEMsubtype: generalconfig_ver: 0time_generated: 2012/02/13 19:10:00vsys: eventid: generalobject: fmt: 0id: 0module: generalseverity: highopaque: SSL connect error(10.2.1.1): 5, source: 10.3.1.250We got ...

Apostrophe in user name breaks query builder

Hi all,I have a username in my organisation that is domain\john.o'neill and I'm finding that when I try to do a query such as (user.src eq 'domain\john.doe') it's fine, but when I put in (user.src eq 'domain\john.o'neill'). I appreciate that this is because I'm esentially saying (user.src eq 'domain\john.o' ) but with neill' on the end.Is there ...

UKRB by L3 Networker
  • 2502 Views
  • 1 replies
  • 0 Likes

Is there a way to eliminate the need for SSL-VPN users authenticating via AD to enter the Domain field before the username ?

I am using a PA-2050 and OS 4.0.5 (plans to upgrade shortly to 4.0.8) with NetConnect. We recently started using AD for authentication and it's working very well with one exception: the users must enter the AD domain name in with their username. Ex: domain\usernameIs there a way to remove the need to enter the domain name if you are only u...

dcowan by Not applicable
  • 3678 Views
  • 3 replies
  • 0 Likes

PAN 500 - 4.1.2 - Bypass Mgmt Interface

Hi,I am pretty new to PAN Firewalls, and my question is really basic.I would like to use only two interfaces on my Firewall : ethernet1/7 as my Lan and ethernet1/8 as my Internet Acess.I would like to avoid using Mgmt Interface port.I have found a thread which explains how to enable management on any interface through CLI. And it did worked well...

  • 24400 Posts
  • 123 Subscriptions
Top Solution Authors
Labels