General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Third party RADIUS + OTP + Captive Portal

Hi all,We are implementing a Nordic-Edge Server that provides radius and otp services. Once you have enter the user/password credentials in VPN-SSL portal , you get another screen which prompts you for the OTP that is sent by SMS.The auth is OK , but the security policies are based in Active Directory users and groups. In order to solve it we ar...

Resolved! User-ID agent 4.1.0 service logon account permissions.

User-ID agent 3.1.0 ran quite happily on our Domain Controller under a regular domain user account (no group membership apart from the default Domain Users, and I guess "Ran as service" was granted automatically during the installation).The new version of User-ID agent refuses to start the service under that account. No events are loged in Windo...

ST1985 by L1 Bithead
  • 10185 Views
  • 7 replies
  • 0 Likes

Anyone tried REVERSE PROXY on PAN

Hi,I was just wondering if anyone was successful in implementing Reverse Proxy solution on the PAN. As far as i know, Palo Alto does not do Reverse Proxy, but was even told that there was work around for it. Anyone who has been successful in acheiving this, could you please share it out with us.Many thanks in advance.Kind Regards,

Custom reports using different log archive

Hi all, we are trying to create a custom report in which we want to include fields that belongs to, for exemple, the URL log database and wanted to add a field that is contained at the traffic log (bytes, for example). Is it possible?Best regards,

COMIP by L2 Linker
  • 3226 Views
  • 3 replies
  • 0 Likes

Captive Portal Persistence

Greetings,A little background. We have a wireless guest network at multiple facilities. Currently we have Juniper wireless deployment and use their "SmartPass" product for guest authentication. This gives us two things:Provides a splash page that guests have to accept basically saying we have no SLA, not responsible, blah blah blah legal stuf...

mrsold by Not applicable
  • 3365 Views
  • 2 replies
  • 0 Likes

Resolved! Packet Capture/Debug Flow based on an IPSec VPN

HiI am looking for a way doing a packet capture (or Debug Flow) with a filter based on a defined VPN Connection. The only thing I found, was a filter like "debug dataplane packet-diag set filter match ingress-interface tunnel" but with this I am not able to filter just one VPN Connection (eg tunnel.100). It seems, this command doesn't support su...

User_333 by L2 Linker
  • 12116 Views
  • 4 replies
  • 0 Likes

Problem in RESTful API with predefined application

Hi,Trying to retrieve list of predfined application with RESTfull api we recieve an error (Firefox):ML Parsing Error: mismatched tag. Expected: </default>.Location: https://<server>/esp/restapi.esp?key=<key>&type=config&action=get&xpath=/config/predefined/applicationLine Number 45327, Column 11:In version 3.* this w...

Resolved! LAN issue with PA200

Higotta really wierd problem...PA 200configured for DHCPeth1/2 Layer 3 IP address 10.130.8.25/24default route via eth 1/2eth1/2 connected to port on CISCO 2960S switchPC connected to port on same CISCO 2960S switchIP config IP Address. . . . . . . . . . . . : 10.130.8.151Subnet Mask . . . . . . . . . . . : 255.255.255.0Default Gateway . . . . . ...

sue_town by Not applicable
  • 3962 Views
  • 3 replies
  • 0 Likes

como configurar 2 puertos que hagan marcacion pppoe ?

Hola buenos dias, he intentando configurar un puerto para que realize la marcacion pppoe y asi la interface tenga la ip publica de mi provedor de internet.lo he intentado hacer en varias ocaciones , pero no tengo exito. Lo que realize fue configurar un ip estatica del modem pero asi no lo requiero.Y ahora tengo dos enlaces y quiero hacerlos con ...

VPN SSL with LDAP Group fail

Hi team, I have a problem with a OS 3.1.9.If a try to configure VPN SSL with LDAP Groups, always I have the same error: Authentication failed: Invalid username or password.If I change the configuration to LDAP users, athentication and connection are perfect.What is the problem with LDAP Group? realy I need a solution with LDAP.I hope help me som...

ocampos by Not applicable
  • 2098 Views
  • 1 replies
  • 0 Likes

Resolved! DHCP Option 252 WPAD

Seeing since there is no support to push down client proxy settings via GP - does anyone know if we can set up a DHCP scope for SSL VPN clients that has/allows for option 252 WPAD support?ThanksRod

djrodb by L3 Networker
  • 9234 Views
  • 8 replies
  • 0 Likes

Is there any way to monitor the state of a Virtual Wire?

We are testing vwire behavior with link state pass through enabled in our lab where it is working properly, but there is very little information to use as indicators of a transition. Basically, all we can find in the log is the interface down message for the connection pulled. Is there any log or counter than can be viewed to tell that a virtua...

chrisp by L3 Networker
  • 4551 Views
  • 5 replies
  • 0 Likes

Global-protect clients not getting IPs

Hello,One of ours client upgraded netconnect (4.0.8) to global-protect 1.1.2 (4.1.2). In logs I can see that client is authenticated, but is not getting any IP. Communication is allowed so ipsec is not blocked. I've checked configuration at it seems fine. Client is getting the following error on the Client - Portal Error.In client logs I can...

Vulnerability profile including all signatures for specific application

Hi everyone, I've read through the Admin Guide and have done some searching in KnowledgePoint, but can't find the answer I'm looking for...Currently, in PANOS 4.1, in a Vulnerability profile, when one adds a rule, they can conditions to match signatures. We can provide a string to match on Threat Name, for example I could add a rule with 'ftp'...

Mack by L2 Linker
  • 3665 Views
  • 3 replies
  • 0 Likes

Still no way to set SPECIFIC threat exceptions???

I created this thread over a year ago...https://live.paloaltonetworks.com/message/3636#3636...is there still no more intuitive way to be more granular when it comes to creating threat exceptions? I'm still having the same problem I report at the bottom of that thread. For example...I need to create a rule to ignore Threat ID 12345. If I use th...

jambulo by L4 Transporter
  • 3975 Views
  • 4 replies
  • 0 Likes
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels