General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How to configure Data Filtering Policy

I would like to know if there's a specific document that walks you through step-by-step of setting up data filtering.  I am running PA2020 v3.05.

I've read the Admin Guide v3.0, but it's very vague.  There's no information as to what weight # should b

...

hcao by L1 Bithead
  • 7002 Views
  • 9 replies
  • 0 Likes

OSPF Redistribution export tag

I have several connect and static routes I'm trying to redistribute into OSPF.  I've set up a redistribution profile and I'm trying to add it to the OSPF export rules.  I've selected the profile, set type as ext-1, but no matter what 32-bit value I e

...

nwallette by Not applicable
  • 2852 Views
  • 3 replies
  • 0 Likes

Resolved! IKE phase 2 failing with an asa5505

Message =

IKE phase-1 negotiation is succeeded as initiator, main mode. Established SA:

IKE phase-2 negotiation is started as initiator, quick mode. Initiated SA:

IKE protocol notification message received: INVALID-ID-INFORMATION (18).

Warning: undocumented change in syslog format

Heads-up to everybody: in version 4.x of PANOS, they have decided to make the following changes in their syslog format:

1. In the Miscellaneous field of the Threat Log syslog, where the URL a user visits is reported, the URL data used to be placed bet

...

ahopkins by L2 Linker
  • 2607 Views
  • 2 replies
  • 0 Likes

Application and Threat Versions

Hello-

I was wondering if there is a place on the portal to find out what the current available Application and Threat version is availble for download.  I use the dynamic updates option and look for a new version for the spyware and application and t

...

Syslog Issue.

Hi - I may have not understood how this is achieved - so apologies before I start!

I'm trying to forward logs for traffic and threat to syslog We have 2x 4050s and Panorama - all policy rules are added via panorama.

I've created a "log forwarding profi

...

fmd by L3 Networker
  • 4933 Views
  • 11 replies
  • 0 Likes

VPN for multiple internal subnets?

Hi

Is it possible to configure the VPN to access different internal subnets?   I mean, our network has a few internal subnets that do not route to each other...  there are users who need to access 192.168.1.x and some who need 192.168.2.x and others 1

...

RonaldGo by L2 Linker
  • 5799 Views
  • 13 replies
  • 0 Likes

2 IP ranges

In the Juniper and Cisco firewall configurations it is possible to route a second IP range to a firewall without having to add a second default route. Is this possible under 4.0.5?

My client is wanting to be able to failover between two data centers w

...

jcostello by L4 Transporter
  • 2754 Views
  • 3 replies
  • 0 Likes

ARP Timeout

Is there any way to adjust the arp timeout value from the default of 1800 seconds on the 4020s and the 2020s?

mallen223 by Not applicable
  • 2140 Views
  • 2 replies
  • 0 Likes

How to log out-of-state dropped packets ?

Hi,

Last week we've replaced an FWSM cluster with a PA-5050 cluster. After the migration there were intermittent problems with our CRM application. Allthough we had no used applications but only services in our security policy, the PAN was applying th

...

ISP redundancy issues

Hello and thanks in advance for any help.

I have a PAN 500 that has been doing great. We added a second ISP and used the "PANOS 3.1 ISP REDUNDANCY using Policy Based Forwarding" to setup teh second ISP and this works well (servers go out the 'routed r

...

u7483 by Not applicable
  • 2238 Views
  • 1 replies
  • 0 Likes

Replace IPs with Objects

I have several customer vsys that have nats and policies with IPs already in them. Is there a way to automatically change those to objects that I created after the fact? Or do I have to manually go through each one and fix it?


Thanks!,

SSL-VPN with Active Directory auth

Hello,

I'm trying to configure SSL-VPN with Active Directory authentication.I'm running PANOS 4.0.4, and SSL-Client 1.3.0 and 1.3.1.

I've configured the following:

1. An Server Profile with type Active Directoy

2. An Authentication Profile with LDAP auth

...

convex by Not applicable
  • 8127 Views
  • 9 replies
  • 0 Likes
  • 24304 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors
Labels