General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! URL Group Management

Question - I have a default URL profile for all departments blocking a vast number of categories. 

I want to allow contain sites for other groups say sales, admin, IT, surveyors... 

Do I need to copy all the URLs or can I set a profile that simply ad

...

djmac by Not applicable
  • 2005 Views
  • 1 replies
  • 0 Likes

FTP slow through PA-500

Hi,

We have our PA-500 set up as follows:

Ports 1 & 2 as VWire connected to our firewall with AV and malware scanning

Ports 3 & 4 as L3 for our user traffic, scanning AV and Malware and URL filtering

When a user uses FTP to send files to servers on our D

...

lhank by L0 Member
  • 4467 Views
  • 4 replies
  • 0 Likes

eDirectory V7.3

Has anyone tried the UserID agent with V7.X?  I know its only supported from 8.8 but has anyone had a go with V7.3?

djmac by Not applicable
  • 1670 Views
  • 2 replies
  • 0 Likes

Ultrasurf blocking

Hi,

  We have PAN 500 with the firmware version of 3.1.2. It faild to identify the new version of ultrasurf (Ultrasurf version 10.02).How to identify and block the Ultrasurf by paloalto.is there any other way to block it. pls help me.

PAN Agent Settings

We are implementing the PAN User ID agent and we were wondering what everyone else was doing.. did you just leave it as the defaults?

network by L0 Member
  • 1933 Views
  • 2 replies
  • 0 Likes

Bundle CA cert with Captive Portal cert?

Just bought a cert from Thawte and am trying to make use of it for captive portal redirects.  I've run into an issue in that, while the unit can import the host certificate fine, none of the captive portal client's recognize it as it's been signed by

...

rahmant by Not applicable
  • 2085 Views
  • 2 replies
  • 0 Likes

Resolved! How to setup Captive Portal for Macs and Linux

Hi,

I'm having trouble setting up Captive Portal for our Macs and Linux users.

We have a PA-500 running 3.1.5, with Active-Directory, which is working fine for user authentication.

I've tried setting up a Captive Portal for the remaining users (so we ca

...

lhank by L0 Member
  • 3349 Views
  • 2 replies
  • 0 Likes

Multiple WAN interfaces

Currently going through a ISP change.  We have the luxury of having both WAN links up so we don't have to do a hot cut.  I'm trying to figure out how this can be achieved.  The set up needs to route requests back out the interface on which they were

...

Resolved! HA config

Did I unstand it right, that the PaloAlto firewalls doesn't need virtual and self-ip-addresses for HA?

I just watched the HA config video, but there was no part for configuring the layer 3 interfaces for HA. At the moment we use checkpoint firewalls a

...

gzauner by L0 Member
  • 2570 Views
  • 3 replies
  • 0 Likes

Resolved! Citrix Session Reliability - port 2598 tcp

I have a policy that allows traffic to my Citrix server using application objects Citrix, Citrix-jedi, web-browsing, and ssl. The Citrix object includes 2598 tcp (session reliability) as a standard port. I originally had service set to application-de

...

Data Filter Custom Report: No way to filter by File Name?

I am trying to create a Custom Report to show all Executables coming in and out of PA.  We do have a few .EXE files that are allowed to run through the network.  Is there no way to exclude these from the report by file name?

For example...

File Name !=

...

jambulo by L4 Transporter
  • 1617 Views
  • 2 replies
  • 0 Likes

Recording User in Logs

This should be an easy one.  Just looking for confirmation.

The only way to get user information in traffic/url/threat logs is to a) use the PAN User Agent to query AD/WMI or b) setup a caputive portal.  Is this correct?

We have a WPA2 wireless network

...

Resolved! Multiple Userid Agents

It is possible to add multiple userid agents (AD in my case) which serve a single domain to my PAN4020 for the purposes of redundancy?

Justin

forfarj by L1 Bithead
  • 2578 Views
  • 2 replies
  • 0 Likes

PA-500 problem with ISA Proxy Server

Dear,

We have the question concerning using Palo Alto with Microsoft ISA Server.We have implementation of a Palo Alto in the network where Microsoft ISA Server is used as proxy (8080 port). We installed PA in network as Virtual Wire so we don't distu

...