This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

user-identification for VLAN Traffic

Hi Guys,I am just wondering if any one could help me out on this as I am slightly lost creating and troubleshooting for the following issue: It has been noticed that not all traffic had a user-id and it seems that any traffic originating from a VLAN goes down as “unknown” user. So my question is, how can we make the PAN aware of the VLANS so t...

Quarantine functions

I have a customer who is familiar with ISS Proventias. This customer is trying to match capabilities of the ISS to PA. I have answered all his questiosn/ matchups with IPS rule to a Vulnerability Protection policy+ Malware/Spyware policy, but I am not sur ehow to address this quarantine question with him.In the ISS Proventia, you can set a t...

cwilliams by Not applicable
  • 2617 Views
  • 2 replies
  • 0 Likes

VPN tunnel to Cisco ASA via GUI?

I need to setup a VPN tunnel with a Cisco device which we don't control or have any access to.The intention is that I can allow a group of IP addresses on our LAN to have access to resources on the other side of the tunnel.These are the settings that I've been given by the people who own/control the other side of the tunnel: Phase 1ISAKMP Identi...

Resolved! NAT to server on DMZ?

I have a PA-500. Our public block of IP addresses come in on Ethernet1/1 (Untrust Zone). I have no trouble NAT'ing in an outside IP to an internal device that is physically connected to a network on Ethernet1/2 (Trust Zone). Now, I created a "dmz" on Ethernet 1/4 and I gave the interface the address of 10.4.1.1. I put a client on this network...

Inbound NAT Question

Hello-I am running PA-4050's in an HA oair with s/w version 4.0.7. I have a "guest-wi-fi" zone and Untrust Zone. I currently have an outbound NAT rule for the Guest wifi pool (10.250.98.0/24) to the Untrust Zone using the source address of the wifi pool (10.250.98.0/24) going to destination "any" using dynamic IP and Port translation to 123.12...

Resolved! upgrading pan os from downloaded file

hijust setting up a PA 200 - i have the URL and virus all up to datebox is running PAN OS 4.1.0i have 5 of these boxes to upgrade so i downloaded PAN OS 4.1.1 and 4.1.2i goto software option and select install from file - and i just see software file IMG and no drop down options...where do i need to locate the downloaded OS files for the PAN to ...

sue_town by Not applicable
  • 2984 Views
  • 2 replies
  • 0 Likes

PA 2020 Active/Passive Cluster on SFP Ports

Hi,I have two 2020 Palo-Alto firewalls with serial no.0004C102807 and 0004C102848. I have to configure them in Active /Passive Cluster. As per the design the two PA Firewalls are not in the same location and they are at different locations and Ethernet Cable (Cat-6) will not be laid between the two Buildings(becoz of distance constraint). Howev...

itsecll by L1 Bithead
  • 3217 Views
  • 3 replies
  • 0 Likes

url filtering with groups moved user

I have 2 surfing policies one referencing group1 the other group2if I move a user from group 1 to group 2 he is still restricted by the group 1 policieshow do I force the panagent to look again and get the list of group to user again

Trying to configure GlobalProtect VPN with user certificates on 4.1.x

Hello-I currently have a PA-500 running 4.1.2 and am trying to configure a client certificate-based VPN as outlined in this document: However, that document is for the old NetConnect (pre-4.1.x) VPNs so I've been trying to merge the instructions contained therein with the the 4.1.x GlobalProtect instructions:I have been able to get the appropria...

PA in active-active mode and Cluster ID

Dear all,we ran into a strange problem tonight.We are running PA 4.0.8 in active/active because me might encounter asymmetric routing.We have two A/A clusters in different data centers. Both clusters have the same cluster ID.The traffic is going only over one cluster by design. We checked the traffic counters on the routers and confirmed that on...

AndreasB by L2 Linker
  • 2698 Views
  • 1 replies
  • 0 Likes

Bulk creation of host objects

We need to create a large number host objects (i.e. IP address objects). Tech support only pointed us to a KP article "Using the XML API" which is Greek to me. Does anyone have any suggestions/solutions? I would think that someone would have needed to do this before me and found a way. Thanks.

legeremt by L0 Member
  • 6709 Views
  • 5 replies
  • 0 Likes

Trap SNMP for threat

Hi all,From the mib file named PAN-TRAPS.mib I can see that there are some information about threat objects.Is there anybody who knows how to use this.I have tried to generate some threats but no traps were sent to the manager.ThanksBruno

Need assistance creating a custom application

I have a warehouse management system, and I need to identify the traffic from the WMS client. Here is a section of the tcp stream from a packet capture: V103^46^^~0~~0~~-1^=^002050^get encryption information V103^45^45736^0^0^^1^1^s^~name~4~4~name~name~^S4^none V104^73^2^^^66^^^~0~~0~~-1^=^002306^list comp versions where base_prog_id = 'D...

bhayes by L1 Bithead
  • 3105 Views
  • 3 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks