General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! User-ID agent 4.1.0 service logon account permissions.

User-ID agent 3.1.0 ran quite happily on our Domain Controller under a regular domain user account (no group membership apart from the default Domain Users, and I guess "Ran as service" was granted automatically during the installation).The new version of User-ID agent refuses to start the service under that account. No events are loged in Windo...

ST1985 by L1 Bithead
  • 10186 Views
  • 7 replies
  • 0 Likes

Anyone tried REVERSE PROXY on PAN

Hi,I was just wondering if anyone was successful in implementing Reverse Proxy solution on the PAN. As far as i know, Palo Alto does not do Reverse Proxy, but was even told that there was work around for it. Anyone who has been successful in acheiving this, could you please share it out with us.Many thanks in advance.Kind Regards,

Custom reports using different log archive

Hi all, we are trying to create a custom report in which we want to include fields that belongs to, for exemple, the URL log database and wanted to add a field that is contained at the traffic log (bytes, for example). Is it possible?Best regards,

COMIP by L2 Linker
  • 3229 Views
  • 3 replies
  • 0 Likes

Captive Portal Persistence

Greetings,A little background. We have a wireless guest network at multiple facilities. Currently we have Juniper wireless deployment and use their "SmartPass" product for guest authentication. This gives us two things:Provides a splash page that guests have to accept basically saying we have no SLA, not responsible, blah blah blah legal stuf...

mrsold by Not applicable
  • 3365 Views
  • 2 replies
  • 0 Likes

Resolved! Packet Capture/Debug Flow based on an IPSec VPN

HiI am looking for a way doing a packet capture (or Debug Flow) with a filter based on a defined VPN Connection. The only thing I found, was a filter like "debug dataplane packet-diag set filter match ingress-interface tunnel" but with this I am not able to filter just one VPN Connection (eg tunnel.100). It seems, this command doesn't support su...

User_333 by L2 Linker
  • 12120 Views
  • 4 replies
  • 0 Likes

Problem in RESTful API with predefined application

Hi,Trying to retrieve list of predfined application with RESTfull api we recieve an error (Firefox):ML Parsing Error: mismatched tag. Expected: </default>.Location: https://<server>/esp/restapi.esp?key=<key>&type=config&action=get&xpath=/config/predefined/applicationLine Number 45327, Column 11:In version 3.* this w...

Resolved! LAN issue with PA200

Higotta really wierd problem...PA 200configured for DHCPeth1/2 Layer 3 IP address 10.130.8.25/24default route via eth 1/2eth1/2 connected to port on CISCO 2960S switchPC connected to port on same CISCO 2960S switchIP config IP Address. . . . . . . . . . . . : 10.130.8.151Subnet Mask . . . . . . . . . . . : 255.255.255.0Default Gateway . . . . . ...

sue_town by Not applicable
  • 3963 Views
  • 3 replies
  • 0 Likes

como configurar 2 puertos que hagan marcacion pppoe ?

Hola buenos dias, he intentando configurar un puerto para que realize la marcacion pppoe y asi la interface tenga la ip publica de mi provedor de internet.lo he intentado hacer en varias ocaciones , pero no tengo exito. Lo que realize fue configurar un ip estatica del modem pero asi no lo requiero.Y ahora tengo dos enlaces y quiero hacerlos con ...

VPN SSL with LDAP Group fail

Hi team, I have a problem with a OS 3.1.9.If a try to configure VPN SSL with LDAP Groups, always I have the same error: Authentication failed: Invalid username or password.If I change the configuration to LDAP users, athentication and connection are perfect.What is the problem with LDAP Group? realy I need a solution with LDAP.I hope help me som...

ocampos by Not applicable
  • 2099 Views
  • 1 replies
  • 0 Likes

Resolved! DHCP Option 252 WPAD

Seeing since there is no support to push down client proxy settings via GP - does anyone know if we can set up a DHCP scope for SSL VPN clients that has/allows for option 252 WPAD support?ThanksRod

djrodb by L3 Networker
  • 9243 Views
  • 8 replies
  • 0 Likes

Is there any way to monitor the state of a Virtual Wire?

We are testing vwire behavior with link state pass through enabled in our lab where it is working properly, but there is very little information to use as indicators of a transition. Basically, all we can find in the log is the interface down message for the connection pulled. Is there any log or counter than can be viewed to tell that a virtua...

chrisp by L3 Networker
  • 4551 Views
  • 5 replies
  • 0 Likes

Global-protect clients not getting IPs

Hello,One of ours client upgraded netconnect (4.0.8) to global-protect 1.1.2 (4.1.2). In logs I can see that client is authenticated, but is not getting any IP. Communication is allowed so ipsec is not blocked. I've checked configuration at it seems fine. Client is getting the following error on the Client - Portal Error.In client logs I can...

Vulnerability profile including all signatures for specific application

Hi everyone, I've read through the Admin Guide and have done some searching in KnowledgePoint, but can't find the answer I'm looking for...Currently, in PANOS 4.1, in a Vulnerability profile, when one adds a rule, they can conditions to match signatures. We can provide a string to match on Threat Name, for example I could add a rule with 'ftp'...

Mack by L2 Linker
  • 3668 Views
  • 3 replies
  • 0 Likes

Still no way to set SPECIFIC threat exceptions???

I created this thread over a year ago...https://live.paloaltonetworks.com/message/3636#3636...is there still no more intuitive way to be more granular when it comes to creating threat exceptions? I'm still having the same problem I report at the bottom of that thread. For example...I need to create a rule to ignore Threat ID 12345. If I use th...

jambulo by L4 Transporter
  • 3979 Views
  • 4 replies
  • 0 Likes

Application bit-internal cannot be allowed.

How can I allow application bit-internal in my policy? This application is blocked by last rule (explicity block rule). I didn't see application bit-internal in my Object->application database and I can't use it in policy. We have PANOS 4.0.8 and application update 289-1268.

darkfibre by Not applicable
  • 4967 Views
  • 5 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels