General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Kerberos Authentication

Hello all,I'm trying to understand how Kerberos authentication works on the PAN. From what I understand is that Kerberos does not send any passwords over the network but generates tickets.1) When a user logs on a SSL VPN portal which is configured for Kerberos authentication, the user types in the password. But how handle the PAN the password? T...

u5273 by Not applicable
  • 6420 Views
  • 3 replies
  • 0 Likes

Wildfire not showing any files.

I have configured a PA500 to use Wildfire but in the dashboard I don't see any files being examined.While downloading an .exe I get the page to continue and I see in the Data Filtering Log, action Forward.Inspecting the system log doesn't show any info on Wildfire.On the Wildfire dashboard nothing happens even after a few days.Today I tried a ma...

hoplahoi by Not applicable
  • 13996 Views
  • 9 replies
  • 0 Likes

Security Policy Action Options other than Allow/Deny

We have a security rule: Src Zone: InternalSrc User: AnyDest Zone: AnyDest Add: AnyApplication: Application filter which inlucde all online videos (e.g. adobe-media-player, http-video, tvb-video, youtube-base)Action: Deny It works as expected, however some users need to view some business video now. Is there any option to configure 'override' as...

linuss by Not applicable
  • 5336 Views
  • 6 replies
  • 0 Likes

SSL-Out Out Timer

Hi - does somewone know the command to show the current countdown timers for users who have accepted SSL interception?I know there is one as I've run it in the past, but can't for the life of me find it.Thanks

apackard by L4 Transporter
  • 2185 Views
  • 1 replies
  • 0 Likes

Resolved! Panorama & HA Pair questions

I'm just getting started with Pair of 5000's in Active/Passive and plan to manage them via Panorama. Should I be pushing policy to the 'primary' PA firewall or create a device group and push the policy to both? Second question: We plan on bringing up a secondary internret connection in about a year with a building and will be adding another pai...

Jinx by L1 Bithead
  • 3183 Views
  • 2 replies
  • 0 Likes

DNS Proxy question

Hi All,I'm working to configure the PAN (4.1.2) DNS proxy, hopefully to replace the legacy slave dns server.But the adminsitrative guide is good enough to understand to configure it.I'm having hard time getting it to work as desire.Would I able to forward DNS queries to other both external(Internet) and Internal DNS servers on domain?Please advi...

ateo by Not applicable
  • 3735 Views
  • 2 replies
  • 0 Likes

Resolved! Timer to refresh FQDN object entries

Hi,In the "PAN-OS Command Line Interface Reference Guide Release 4.0", we found the following options which specify the refresh times for "FQDN object entries".+ fqdn-forcerefresh-time — Seconds for Periodic Timer to force refresh FQDN object entries (14400-86400) + fqdn-refresh-time — Seconds for Periodic Timer to refresh expired FQDN object en...

Hub by L0 Member
  • 6950 Views
  • 4 replies
  • 0 Likes

PA 5000 Series QoS performance.

Hi there. I have a question regarding of QoS performance of PA 5000 Series. As my know, PA-4000 Series performance is up to 2G when using QoS.how is the performance about PA5000 series??does it has same performance with PA 4000 series?? is it also support up to 2G when using QoS enable?Please let me know.

willstech by L3 Networker
  • 3128 Views
  • 1 replies
  • 0 Likes

Resolved! VPN Authetication with client certificate

Hi, if I configure VPN authentication with client certificate, it will be necesary to enter password?.I don't know if with client certificate you don't need user and password as I've seen in other scenarios. Reading documentation from Palo Alto seems that you will need only password (the name autofill with certificate), but I'm not completely su...

ssancho by L2 Linker
  • 3153 Views
  • 2 replies
  • 0 Likes

Panorama in HA

Hi there!I would like to know if someone is using the Management Panorama in HA (Primary and Secondary). I was looking for information about, but i could not find anything.Thanks in advance!Angel.

Resolved! User-ID Agent XML config and debug

Have successfully installed the UserAgent 4.1.2-2 and it is merrily discovering user authentication events. It is VERY keen to tell me all of this in the UaDebug.log file.How do you reduce the verbosity - there's a "file" somewhere but it's not giving any hints?02/14/12 13:32:59:730[ Info 1642]: ------------Service is being started------------ ...

PA 2020 Active/Passive HA

I am configuring Active/Passive PA 2020 firewall for clustering . I have configured all the parameters for HA including the links(HA1 and HA2). Also the firewall are connected and both the HA interfaces are showing up. I am making One PA Firewall as Active by lowering its device Priority (100)and other as standby (priority 150). I am seeing ,th...

itsecll by L1 Bithead
  • 5612 Views
  • 6 replies
  • 0 Likes

address-group limitation

Hi @all,we’re using a PA-5020 active-passive Firewall-Cluster. We recently noticed that the address-groups are limited to 500 items per group. As we have a list of nearly 1500 items (ip-address and network-addresses) to manage, I want to ask whether there are any performance issues known if we split the items in three or more groups.

Wirecard by Not applicable
  • 3086 Views
  • 2 replies
  • 0 Likes

No username in source-user column of PA-500

Hi AllI have upgraded to PANOS 4.1.2 and user-id-agent 4.1.2-2 in my lab, however when i complete config, and can not select any domain\username in the source user column, but i can sure the connection is ok by command >show user user-id-agent statistics between the unit and user-id-agent.When I downgrade user-id-agent 4.1.2-2 to PanAgent 3....

  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels