General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

ISA (TMG) Problem with PA-500 in vwire mode

background:we have a new installation of a PA-500 (running 4.1.2) which sits behind our edge firewall (TMG 2010) in vwire mode.basic setup. the pa-500 external interface connects directly into the edge firewalls internal interface and the pa-500 internal interface connects directly to our production network. our DNS, AD etc are all on this produ...

d_ballam by Not applicable
  • 3133 Views
  • 2 replies
  • 0 Likes

Android Market Apps download stuck at 99%

Hello All,Did anyone encounter issues with android apps download ?It will get stuck at 99% and refused to complete the installation. I also allowed the android-market application. The logs showed nothing deny.Any advice would be appreciated.ThanksBen

mmxong by Not applicable
  • 5319 Views
  • 6 replies
  • 0 Likes

tftp export timing out

I am trying to use tftp to upload/export the configuration file to an OpenBSD tftp server which is on the same LAN as the PA box.The address of the PA is 192.168.2.1 and the OpenBSD server 192.168.3.1The file transfer process seems to be timing out at the ACK phase (server -> PA).Here's the command:admin@fs> tftp export configuration sourc...

quist by Not applicable
  • 4959 Views
  • 3 replies
  • 0 Likes

PA5050 SFP+ Port LED doesn't work if SFP plugged in?

Hi there,we have equipped the SFP+ Ports 21-24 with normal 1GB SFPs.The SFPs are working fine but the Port LEDs doesn't blink.Is this a normal behavior? Maybe only show light if a SFP+ plugged in? :smileyconfused:We're running the version 4.0.7Thanks, Sebastian

Running PAN in FIPS and/or CCEAL4 mode?

Any of you here in this forum who have experience from running your PAN device in either FIPS or CCEAL4 mode (or both - is that possible?)I only found some brief of what the FIPS mode really means within the "Appendix C Federal Information Processing Standards Support" in PA-4.1_Administrators_Guide.pdf and no mention of what CCEAL4 mode (found ...

mikand by L6 Presenter
  • 2833 Views
  • 1 replies
  • 0 Likes

SSH Tunnels

I know in order to look inside the SSH traffic to see if someone is doing SSH Tunnels you need to decrypt the SSH session.I am looking to find out how the PAN decrypts the SSH traffic and what is all involved in setting this up on the firewall.

snormoyle by Not applicable
  • 2429 Views
  • 1 replies
  • 0 Likes

ALG for Facetime via NAT?

We're running 4.0.5 and Facetime does not work as the packets coming from Apple's servers via the Internet are dropped. I noticed there was an ALG for H.323 in 4.1 but wasn't sure if that was related to Facetime or if there was anothe work around.

bjdraw by Not applicable
  • 6951 Views
  • 8 replies
  • 0 Likes

Error message for role based Administrator

Error message when role based admin user is trying to log into UI:User does not have access to any device groups. Device groups are needed to access the 'Policies' and 'Objects' tab. Please ask your administrator to give you access to one.---The goal is to only assign a vsys to this role based administrator and not a device. Please let me know i...

bbsoc by L2 Linker
  • 2745 Views
  • 2 replies
  • 0 Likes

Reconnaissance Protection

hi : In regard to the settings for Port Scans and Host Sweeps:What counts as an event toward reaching the threshold? Is it a SYN packet or are other types of packets counted?Thanks

wlu by Not applicable
  • 3454 Views
  • 1 replies
  • 0 Likes

Anyone tried to connect GP from iphone/ipad with ClientCert?

I'm tring to connect GP from iPhone5 and iPad4.3.3 with Client Cert Auth.I can't see the establishment of IPSec VPN, however, I could establish VPN from Windows with same client cert.I want to see the working sample cofiguration.Could anyone share the information?My testbed:-PA-5020 v4.1.1-GP v1.1.1-Windows 2003R2 as Client Cert CABTW, I know th...

emr_1 by L6 Presenter
  • 3165 Views
  • 1 replies
  • 0 Likes

SSL-VPN on Mac can't route traffic after sleep

On many of our Mac clients that are using SSL-VPN, if they are connected to the VPN and they close their Mac's (putting it to sleep), when the mac's are awoken, they can't route any traffic. The only cure seems to be:sudo route -n flushIs there any way to have normal function (meaning the normal non-vpn session) resume properly upon waking the ...

Lookout by Not applicable
  • 2529 Views
  • 1 replies
  • 0 Likes

Data filtering by name

Is there a way to block a specific file name, not just a file extension? Is it possible to accomplish this using a custom data pattern?

jgeyer by L0 Member
  • 2521 Views
  • 1 replies
  • 0 Likes

GRE issues with 4.1.0 ?

Good morning,we run PanOs 4.1.0 on a couple of new sites, but we are not able to make GRE tunnel works. The sceario is IPsec Tunnel between 2 firewalls (PA-2020 to PA-5050), GRE tunnels built inside the IPsec on Cisco routers.IPsec is ok and ping is working between the routers loopback, but GRE tunnel is down even if we permit all applications a...

fm_eng by L1 Bithead
  • 3061 Views
  • 2 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels