This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

URL Sync to Peer for Active-Passive Cluster

Hi All,So title says it all. I have a client with twin 4050's running in an active-passive cluster, that we have recently enabledURL filtering on.Annoyingly, there is no sync that we can see between the active and passive for the URL database, from initial activation,through to the dynamic updates.We have to bounce the pair to bring the passive ...

KatanaNZ by L3 Networker
  • 6804 Views
  • 5 replies
  • 0 Likes

Resolved! PAN on trunked interface

I have talked about this setup before but I am having issues getting it to work in the lab. I would like to position the PAN "inline" between two cisco switches that are connected via a trunked interface with specific allowed vlans. I would like to break it up and apply policies based on the tagged vlans across the trunk. So far I have configure...

PAN Layer 2 and STP

I have a customer that is using RPVST+ on the core of their network for redundant Layer 2 connections to their servers. Using spanning tree link costs they load balance the trunked connections to their core switch. They have asked if it were possible to implement the PAN on one of those two trunked connections via Layer 2 subinterfaces and keep ...

Resolved! Database Extraction "PA 2020"

How I can extract the entire database of PA2020? I need to generate other reports with another system, please help! ps: and try it with the command "export log-file tftp *" does not give me what I need, I'm only one month of the five I have, the disk used for logs measured 124GB, eExcuse my translation error Regards Arturo Vazquez

Question about Security Policies and NAT

I'm working on developing my rule base prepping for implementation. I'm noticing that alot of my inbound rules, ie:Where the destination in an address object with my internal IP. Now of course I have NAT rules to statically NAT the traffic inbound and outbound. Outbound (handled by another rule), the log shows the internal IP address as the s...

dshue by L2 Linker
  • 5515 Views
  • 2 replies
  • 0 Likes

HA Active Active Setup

Hello, We have two PAN-2020 appliance running with 4.0.5 and setup for active/standby HA. We would like to change our HA setup to active/active instead of active/standby. In our existing setup we have two interfaces configured for virtual wire and one is setup as layer 3 interface for captive portal. If we change the active/standby setup to acti...

ahmedf by Not applicable
  • 3233 Views
  • 1 replies
  • 0 Likes

Resolved! TAP mode and user ID

Hello all.quick question.during the demo(TAP mode), customer want to map IP to user id.in the TAP mode, can I integrate w/ LDAP to retrive the user id?in the doc-1445. transparent authentication only support AD. and interactive authentication can support LDAP, RAIDUS and local db.on in my customer's case, the only available option is using AD?...

willstech by L3 Networker
  • 4192 Views
  • 2 replies
  • 0 Likes

SSL VPN over Dial-Up Speeds

YES, you read it right! DIAL-UP speeds! Unfortunantly we have some users that have old 1x and iDEN air cards that are probably slower than some Dial-Up speeds. It is what it is I suppose. Our old IPSEC vpn (Check Point) client really didn't complain about it much, it was slow but still connected. We are moving our users over to the Palo Alt...

dshue by L2 Linker
  • 3397 Views
  • 2 replies
  • 0 Likes

Captive portal users not in groups?

We are using the UserID agents on our servers for ID and groups. Users that login via our AD domain on bound machines are correctly identified and we can apply policies based on group membership. That all works very nicely. We just put captive portal in place that uses Kerberos for authentication against AD. Users are authenticated, but poli...

Viewing Rules in the Policy

Hi - we use Panorama and 4050s all running 4.0.5. We have a lot of rules on this firewall for one reason or another (it's a port from Checkpoint of an internal datacentre firewall where there are lots of non-web applications etc). Anyway, I can find rules in the policy GUI fine - but what I'd like to be able to do is locate a specific rule quick...

fmd by L3 Networker
  • 4237 Views
  • 6 replies
  • 0 Likes

Resolved! Error Installing Service: PanAgent

Hi all,user - better: usergroups - identification is a major point in our evaluation of the PAN-Firewall.Now when trying to install "PanAgent-3.1.2" on my windows7 laptop the software itself is installed, but theservice failes: "Error Installing Service" when trying to execute PanAgentServices.exe(Of course using administrator-rights)Is this a k...

Gunther by Not applicable
  • 4685 Views
  • 5 replies
  • 0 Likes

Resolved! Captive Portal authentication against RADIUS with Palo Alto VSA

Dear All,Does everyone happened to know if Palo Alto can recognize the PaloAlto-User-Group (Palo Alto RADIUS VSA) if the authenticated user account is not belong to user group that RADIUS Server return?I want to set the security policy rule and have a test for it.If the user is belong to the user group that RADIUS return, the traffic can be proc...

Resolved! SNMP RFC 1213 (MIB-II) and RFC 2664 (EtherLike-MIB)

Hardware: PA-500Firmware: 4.0.2Page 17 of the PAN 4.0 Admin Guide says:"Simple Network Management Protocol (SNMP)—Supports RFC 1213 (MIB-II) and RFC2665 (Ethernet interfaces) for remote monitoring, and generates SNMP traps for one ormore trap sinks (refer to “Configuring SNMP Trap Destinations” on page 54)."But yet when I do an snmpwalk I do not...

Upgrade issues

Hello,I have a PA-500 device running on PanOS 3.1.4. I try to update it to last release PanOS 4.0.2. (Direct upgrade allowed following the RN)I have no Internet conection yet, also I would like to install it from a local file.I click "Upload", locate my software package PanOS_500-4.0.2 then I click "Install from File" and select my package from...

ldormond by L3 Networker
  • 6679 Views
  • 8 replies
  • 0 Likes
  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks