General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Pan os 3.1.8 VirtualWire and Microsoft NLB Problems

Good morningI have a Virtual Wire configured on a PAN-2050 with Pan OS 3.1.8 and I connect in one Interface of it a Microsoft ISA Server 2004 and in the other interface a Catalyst Cisco Switch.This Microsoft ISA SERVER 2004 has a Microsoft Load Balancing Service (NLB) configured on it with another Microsoft ISA SERVER 2004 that is connected in o...

Pepen by L1 Bithead
  • 2029 Views
  • 1 replies
  • 0 Likes

App ID Classification

I noticed that Sophos anti-virus is classifed under business-systems/management, while McAfee, Symantec, Panada are all classifed under business-systems/software-update.Seems to me Sophos is misclassified under the wrong sub-cateogry.

snormoyle by Not applicable
  • 2129 Views
  • 1 replies
  • 0 Likes

Certificate : standard, extended validation, wildcard, subject alternative name

Hello,OWA (Exchange 2007) needs SAN (Subject Alternative Name) certificates (http://www.digicert.com/ssl-support/exchange-2007-san-names.htm). This type of certificate is supported by the Palo Alto for SSL inspection? What type of certificate are supported by Palo Alto (standard, extended validation, wildcard, SAN)?RegardsPatrick

Update problems, PANOS 4.0.5

Hi, I need some help about a PAN update trouble, since december of last year can't update all the signatures of threats, APP's, url filtering and antivirus.On the dynamic update section, when checking for new version, shows an error:Failed to check content upgrade info due to generic communication error. Please try again later.When I'm testing t...

How to identify specific object usage ?

Hello,Is there a way to easily find out where a specific object is used in the policies ?I know that I can use the filter filed in the policy tab (by using "drag and drop" or filter drop-down menu). However, when using group objects for multiples addresses, users or services, we cannot use this filter feature anymore. Indeed, even when specifing...

ldormond by L3 Networker
  • 4752 Views
  • 7 replies
  • 0 Likes

Resolved! User Identification - 4.1 LDAP - AD

Hi,I have upgraded to 4.1 and added a ldap-server profile to the config so the firewall does the query instead of the user-id-agent.When I go to group-mappings settings ( under user-identification ) and select the tab 'Group Include List',I can see the whole AD-tree-structure, but I cannot view the last part: the group itself.Has anybody seen th...

paulmeys by L1 Bithead
  • 4037 Views
  • 3 replies
  • 0 Likes

Retrieve Primary group of a user

Hi,I've just upgraded my PA-2050 to 4.1.1 and configured LDAP servers and group mapping for building some policies rules based on AD groups.Everything works well except one thing.The primary group of a user is not retrieved.And this is a problem because I had a policy rule based on it.Exemple : if a user "toto" belongs to these groups :- Domain ...

PA 2050 running 4.1.1

Just curious if anyone else notice performance issues with their palo boxes after upgrading to 4.1.1? I’m getting a lot of commit failures, cannot connect to the device errors or the page just takes 3-5 minutes to load. I’m also noticing that when the commits do take place it can take 5-15 minutes to complete.PA-2050Software version 4.1.1Globa...

Globalprotect client failing authentication

We have had several instances where our end users are not able to connect with the globalprotect client since upgrading to PANOS 4.1. When I check the system log file I see the following errors 2012/01/18 09:45:03info globalp portal globalp 0 GlobalProtect portal user authentication failed. Login from: 208.54.35.242, User name: USER, Reaso...

jbland by Not applicable
  • 3713 Views
  • 3 replies
  • 0 Likes

Resolved! Using "Any" as zone for a converted policy

HiI'm converting a security policy from a Check Point device to a PAN device using the PAN converter. By default the converter sets source and destination zones as "Any". Can I use the rule like that? Is there any problem that such configuration might cause in the future or after replacing the devices? Do I need to specify zones in the rules? Pl...

Multi Gateway

Hello,I need to install a PA200 for a internet breakout. Since i can't change the IP Subnet, I tough to change the default gw to the PA and use the PA as a router for traffic to the WAN (same subnet). But my problem is now that traffic comming from the wan to the client is comming from 192.168.1.1 -> to the pc 192.168.1.50 -> to the PA 192...

gsteiner by L3 Networker
  • 5500 Views
  • 8 replies
  • 0 Likes

OSPF - Reditribution intra OSPF

Hello,My PA is connected to 2 OSPF areas and I want to take some routes from one area and send them to the other one.I try to do a redistribution profile but it only send my directly connected routes, not those learned from OSPF.Is there a way to do this?RegardsRémi

rroger by L1 Bithead
  • 2786 Views
  • 1 replies
  • 0 Likes

Resolved! URL-filtering Profile

Hi!Friday we upgraded our devices to 4.1.0.Everything is working ok, the gui is pretty fast, which is nice, only:When we want to edit a url-filtering-profile, the list of categories is empty.Can someone confirm this running on 4.1.0 ? ( or is it just only us, )Thank you,Kind regards,Paul

paulmeys by L1 Bithead
  • 10106 Views
  • 7 replies
  • 0 Likes

Resolved! How do I get a report of what threat prevention rules are enabled?

I have a customer that has asked me to match up an ISS proventia IPS rule to put a PAN Threat Prevention rule. I have created a enabled about 1009 rules on a custom ruleset to do so. The customer has asked that I "print off" in CSV or other format the " rules, showing which ones are enabled, what action is configured, against what is availa...

cwilliams by Not applicable
  • 5500 Views
  • 6 replies
  • 0 Likes

New feature - URL Allow List Object

Could you add a feature that creates "URL Allow List" objects and "URL Block List" objects. We have several URL Filtering Security Profiles and try to keep our business partner sites in the "Allow List" but have to manually add them to each profile. It'd be simpler if there was a separate object and we could add the object to the profile.

jmck9999 by L1 Bithead
  • 3496 Views
  • 3 replies
  • 1 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels