General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

uid-gids-cache timeout

Hi there,

we use the pan-agent installed on a DC to read out the users of some AD groups. Works fine so far. The only problem we got is, that if a user is removed from an AD group, I will always have to run the "clear uid-gids-cache" command on the de

...

Cert issue with Captive Portal

We have installed a Comodo wildcard cert on our 2050 for use with the SSL-VPN and Captive Portal.  IE and Chrome are fine, but Firefox always says the it can't verify the authenticity of the cert.  I remember reading in another post that someone had

...

bvest by Not applicable
  • 1760 Views
  • 1 replies
  • 0 Likes

Permanently cached user to IP

Did a search, but nothing seems to answer my question:

I would like input from more knowledgable folks on the problem described - the permanent caching of a "good" account on computers that are kiosk mode and logged in with "ignored" accounts.  See ex

...

jasbeck by Not applicable
  • 3864 Views
  • 8 replies
  • 0 Likes

RDP incomplete session

RDP worked before the installation of PAN 500. Now I'm having an incomplete session on RDP (TCP handshake is dropping). How do I fix this:

760     t.120          DISCARD FLOW  NS   172.21.196.181[4483]/l3-trust/6  (70.159.69.130[2588])
vsys1           

...

Resolved! Apps vs URL Profile - block application

Hi all,

I tested this strange (imho) behaviour with PAN 2020 4.0.3:

1. create a first security policy with ssl, http-proxy, dns but without web-browsing application (as you can see in 1.jpg) with action ALLOW

2. create a following security policy with f

...

HA Sync issues with content updates

I am running a pair of PA-4020s in HA mode on PAN OS 3.1.8. For about the last three or four Threat and App Content updates I have had sync issues. I have the active PA downloading and then syncing the content to the passive PA. This worked fine unti

...

Base64 encoded HTTP traffic.

Hi,

I was reading the 2011-2012 buyers giude. There is a statement that describes Base64 encoded HTTP messages , used in command and control traffic for malware.

The bot sets the User-Agent header value to “inter easy” and also receives a scrambledBase

...

AD/LDAP Server authentication

Does anyone have any tips for getting AD/LDAP bind request working at the server.  I have the PaloAlto sending and receiving the bind request to authenticate, but the server reply packet says the credentials are invalid (error code 52e - invalid cred

...

sajens by L0 Member
  • 3058 Views
  • 1 replies
  • 0 Likes

Simple Policy Question

This is a simple one, but I couldn't find it specifically stated in the manual.

When I define a security policy, are the Zone and Address exclusive of each other?  In other words, if I select a zone,it requires I put in specific IP's or select Any.  I

...

cmaier by L1 Bithead
  • 2524 Views
  • 3 replies
  • 0 Likes

Resolved! URL Category priority

Hi

I am wondering what will happen if one URL is in two different categories. Especially if one is configured to block, the other to pass the request.


I don't know if this can happen within predefined categories (from BrightCloud), but as i am able to

...

User_333 by L2 Linker
  • 3591 Views
  • 3 replies
  • 0 Likes

Resolved! Trunk / Link Agg Recommendation

I have a 5060 I'd like to carve up and use one of the vsys's on it for a back-end firewall.  My plan was to take two of the 10Gb ports and LAG them together, sending all 4 of my vlans in and out on that one trunk.  Will that work, or is there a bette

...

cmaier by L1 Bithead
  • 2899 Views
  • 3 replies
  • 0 Likes
  • 24006 Posts
  • 102 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels