General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Multiple Remote Access VPNs, same gateway IP?

Hey all,I'm coming over from the Cisco world and trying to setup two separate remote access VPNs but using the same gateway IP. My understanding is that normally with the PA you can use the security policies to differentiate users and provide access restrictions to different users that way.Say though you wanted two different remote access VPNs e...

Bug in Global Protect Client 1.1.2-9

With GlobalProtect Client 1.1.2-9 on Win 64bit is a Problem when you enter here a DNS Name instead a IP Adress.It worked with Client 1.1.1-9, so all users who did the Update hat the problem!On 32bit Windows System it still works with a dns name, but not anymore on 64bit!!

gsteiner by L3 Networker
  • 3043 Views
  • 1 replies
  • 0 Likes

Microsoft flight simulator Squawkbox issue

We have a user who says once we moved to our new Palo Alto box from Cisco ASA he is having a odd issue.He claims that Squawkbox works fine as long as he is talking but if he just listens after 2 or 3 min. He looseshis audio until he speaks. To me it sounds like he is having some kind of session time out. But I am new toPalo and know nothing of S...

SSL Decryption

Do you need to have a valid URL filtering subscription for SSL Decryption to work?ThanksRod

djrodb by L3 Networker
  • 3294 Views
  • 2 replies
  • 0 Likes

DRAFT: Procedure to add Antispyware, Threat, & URL Filtering

1. Policy profiles a. enable applications (one day to enable) i. tweak applications (several days at least, maybe two weeks at most) ii. wait until stability achieved b. enable antispyware (one day to enable) i. tweak (one day, maybe several days at most) ii. wait until stability achieved ...

tarkawa by Not applicable
  • 2111 Views
  • 1 replies
  • 0 Likes

Kerberos Authentication

Hello all,I'm trying to understand how Kerberos authentication works on the PAN. From what I understand is that Kerberos does not send any passwords over the network but generates tickets.1) When a user logs on a SSL VPN portal which is configured for Kerberos authentication, the user types in the password. But how handle the PAN the password? T...

u5273 by Not applicable
  • 6411 Views
  • 3 replies
  • 0 Likes

Wildfire not showing any files.

I have configured a PA500 to use Wildfire but in the dashboard I don't see any files being examined.While downloading an .exe I get the page to continue and I see in the Data Filtering Log, action Forward.Inspecting the system log doesn't show any info on Wildfire.On the Wildfire dashboard nothing happens even after a few days.Today I tried a ma...

hoplahoi by Not applicable
  • 13985 Views
  • 9 replies
  • 0 Likes

Security Policy Action Options other than Allow/Deny

We have a security rule: Src Zone: InternalSrc User: AnyDest Zone: AnyDest Add: AnyApplication: Application filter which inlucde all online videos (e.g. adobe-media-player, http-video, tvb-video, youtube-base)Action: Deny It works as expected, however some users need to view some business video now. Is there any option to configure 'override' as...

linuss by Not applicable
  • 5320 Views
  • 6 replies
  • 0 Likes

SSL-Out Out Timer

Hi - does somewone know the command to show the current countdown timers for users who have accepted SSL interception?I know there is one as I've run it in the past, but can't for the life of me find it.Thanks

apackard by L4 Transporter
  • 2180 Views
  • 1 replies
  • 0 Likes

Resolved! Panorama & HA Pair questions

I'm just getting started with Pair of 5000's in Active/Passive and plan to manage them via Panorama. Should I be pushing policy to the 'primary' PA firewall or create a device group and push the policy to both? Second question: We plan on bringing up a secondary internret connection in about a year with a building and will be adding another pai...

Jinx by L1 Bithead
  • 3177 Views
  • 2 replies
  • 0 Likes

DNS Proxy question

Hi All,I'm working to configure the PAN (4.1.2) DNS proxy, hopefully to replace the legacy slave dns server.But the adminsitrative guide is good enough to understand to configure it.I'm having hard time getting it to work as desire.Would I able to forward DNS queries to other both external(Internet) and Internal DNS servers on domain?Please advi...

ateo by Not applicable
  • 3731 Views
  • 2 replies
  • 0 Likes

Resolved! Timer to refresh FQDN object entries

Hi,In the "PAN-OS Command Line Interface Reference Guide Release 4.0", we found the following options which specify the refresh times for "FQDN object entries".+ fqdn-forcerefresh-time — Seconds for Periodic Timer to force refresh FQDN object entries (14400-86400) + fqdn-refresh-time — Seconds for Periodic Timer to refresh expired FQDN object en...

Hub by L0 Member
  • 6938 Views
  • 4 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels