General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Blocking by AppID don't work as expected

HiTo block a webpage like Facebook, I have the follow two possibilities.1) Block it by the Url Filter2) Block it by the AppIDSince the URL Filter just looks at the URL and no other content. Access to Facebook will only be blocked if I try to access it by "www.facebok.com". But access via "http://translate.googleusercontent.com/translate_c?hl=de&...

User_333 by L2 Linker
  • 3010 Views
  • 2 replies
  • 0 Likes

Resolved! Custom URL wildcard

Hi all,I have a question relating to wildcards in a Custom URL Category on PA-500 - 4.1.0I have the following entry in my custom URL category *.centos.organd I'm finding that I'm getting a match with the following URL (and many others) mirror.ox.ac.uk/sites/mirror.centos.org/5.7/updates/i386/RPMS/kernel-2.6.18-274.7.1.el5.i686.rpmIs this...

DavePalo by L4 Transporter
  • 7438 Views
  • 9 replies
  • 1 Likes

Trouble after upgrading to 4.1

I was currently running 4.0.5 on panorama and HA active passive 2050 cluster.The upgrade ran rather smoothly.has something changed for service declaration in 4.1?I define my addresses and custom services on the panorama which I sync to the HA cluster members after committing on the panorama.My policies are defined on the first cluster member whi...

Virtual balancing and PBF

Hi all,My client need to do Load Balancing in his wan interfaces, I did the next config, in PBF I put four policies, one for the two Internet segments asigned to the first and more faster output (TRUST to (1.0.0.1-126.255.255.254) & (128.0.0.1-192.255.255.254)) the first and second public segment. Other PBF (TRUST to (193.0.0.1-224.255.255.2...

p_marquez by Not applicable
  • 2342 Views
  • 1 replies
  • 0 Likes

Resolved! URL Content filtering Question - Netflix

Ok, don't shoot the messenger but I was asked to see if I could unblock the queue management area for Netflix but still block the streaming media part of it... We're using the URL filtering capabilities of the PA 2050 device and I have a policy defined that's based on an Active Directory user group to filter traffic. I'm not sure how I would g...

Emailing of CSV reports?

Currently my reports can only output in the default behavior offered - PDF's are sent automatically - however, some groups within the company that specifically manage risk want to add automation to the mitigation process - and doing that would be much easier if the reports could be emailed out in CSV format.Is it possible to email reports out of...

jsilvia by Not applicable
  • 4130 Views
  • 1 replies
  • 0 Likes

DHCP server -> conflict IP

HiI have a DHCP server enabled on one of my interfaces, but clients have problem getting IPs back - after reboot of windows machines it normally works, but this normally not an issue with other DHCP servers.Here is one message ->An error occurred while renewing interface Local Area Connection : The DHCP client has obtained an IP address that ...

FlexyZ by L3 Networker
  • 6574 Views
  • 4 replies
  • 0 Likes

Overlapping networks - NAT

Hi!I have another problem - this time with overlapping networks. Here is a picture:I'm the administrator of PA1. How can user from PC1 connect with PC2 ? I tried with destination and source nat on PA1 but i had to add routing to the destination translated address on PA1 ? How can I do that without adding this routing ? Is it possible ?RegardsP.

Resolved! App-ID block the whole category

Hi guys,i have several distinct classes of users, and whole categories of apps need to be blocked for several of these classes. Is there a way to block a whole application category, similar to the way we can block whole categories using the URL filter.I wish to block all games and proxy sites, there are 91 apps that are categorized as games or p...

bkandola by L0 Member
  • 2719 Views
  • 1 replies
  • 0 Likes

How to report traffic logs for a specific rule ?

Hello,I have defined several specific policies to allow traffic through my PA device.I have also created a rule that allow any traffic (at the end) to not impact current traffic.My idea is to be able to identify all traffic that flows through my device through this "allow any" rule and then create specific rules for legitimate traffic.I have a l...

ldormond by L3 Networker
  • 4277 Views
  • 5 replies
  • 0 Likes

Will SSL VPN work for Apple IPAD (or ios 5 devices)

Hello,I was told today by PANTAC that SSL VPN work for IPAD (or ios 5 devices) for PANOS 4.1 but I have not been able to find any documentation supporting this to present interanlly. Can someone confirm this and also provide any supporting documentation surrounding this?Thanks

Eone by Not applicable
  • 3008 Views
  • 1 replies
  • 0 Likes

NetConnect to Global Protect migration issue

Hello to everyone,I migrate my PAN 500 from 4.0.7 to 4.1.0, with previously configured SSL-VPN which was operational. After migrating to new FW, SSL-VPN migrated to Global Protect portal with all configured settings and with new GP client to end nodes, but new GP client can't connect to gateway. I troubleshoot a while and from client side (proto...

Tician by L3 Networker
  • 6489 Views
  • 7 replies
  • 0 Likes

Resolved! captive portal and blackberry enterprise server

BES server is a proxy for all users on phones, (they all come from the BES IP address on the LAN) what is the proper way to install captive portal or user identification so that we protect and identify users on the phone client end-points?

kkeeton by L2 Linker
  • 3301 Views
  • 2 replies
  • 0 Likes

terminal server agent and security policies

hi , i installed the terminal server agent on the ts machine and i also configured ldap on palo alto,and create a no-restriciton rule on top of the list.when i try to access to internet technically i must not be blocked,but when i blocked i also dn't see a user name on the browser,just saw the ip address of the terminal server.any suggest will b...

  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels