General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! User Agent System Requirements

We're running into issues with the Palo Alto User Agent.  It'll run for a few days, then we'll stop getting user information.  When I look at the server running the agent, and try to start the agent, I get a message along the lines of "The paging fil

...

Virtual-Wire connectivity during reboot

Hi all,

I know some IDS/IPS are able to keep the network connectivity during a reboot. Then it does not stop the trafic.

Does the PA able to do the same in Virtual-Wire mode ? Or in other mode ?

The aim is to upgrade the appliance in a production enviro

...

olev by Not applicable
  • 2664 Views
  • 2 replies
  • 0 Likes

QoS data in logs

Hello PAN,

Is there any way to obtain QoS data from the PAN logs other than doing a "show session id" CLI command in the current release 3.0.5? My customer would like to be able to see how much traffic is hitting the QoS classes and which traffic is h

...

jwolach by L4 Transporter
  • 1838 Views
  • 1 replies
  • 0 Likes

Resolved! sample logs of licenses expiration

Hello,

Could you give me the sample logs that the PA log before the following licenses expira ?

- Support
- URL Filtering
- VSYS upgrade

We have the log of threat prevention license:
- License for feature threat will expire on 2009/12/11

Regards,

Defining Policies, Profiles, etc via CLI

Our primary interface with devices and management systems is through the CLI.  Essentially, what I need is a guide that explains the syntax and how to create/update/delete policies, security profiles, etc via CLI.  (Neither the CLI Reference nor the

...

Troubleshooting PAN-Agent connectivity

Hello, I have PAN OS 3.0.5 installed on a cluster (active passive)

The passive device seams to have problem to contact PAN

As you can see from ommand below 10.44.36.125 Agent can't be reached (on active is ok)

(active)> show pan-agent statistics
Name    

...

Log files meaning

Hello,

With command tail I can read log from PAN FW. ...

questions :

what's difference between mp-log and dp-log ?

what does the mp-log files below contain/mean (i.e ha_agent.log is for ha system) ?

appWeb.log.old                masterd_manager-infra.log
b

...

Resolved! Pan Agent Expire setting

Hi,

I see in the logfile the information :

2010 01 04 10:07:25, ########################### Start Pan-Agent #############################
2010 01 04 10:07:25, Add Domain: ce
2010 01 04 10:07:25, Num. of Threads: 40
2010 01 04 10:07:25, GroupMemebers cache

...

u2343 by Not applicable
  • 3150 Views
  • 3 replies
  • 0 Likes

Resolved! Clear SSL Certificate cache

Hi,

We have a PA-500 and I can view the SSL certificates with: "debug dataplane show ssl-cert-cn"

I was told that this is the list of SSL certificates that are stored in the cache.

However I'd like to know how to clear this cache

Thanks

Secondary interface addresses

I'm trying to add more of the public IP addresses issued by my ISP to the external port on my PA-500.  When I try to commit the config, I get this error:

  • routed: In virtual-router Incoming: address 12.x.x.x/27 on interface ethernet1/1 has overlapping
...

bwmillslg by Not applicable
  • 9073 Views
  • 4 replies
  • 0 Likes

Can I check if a connection was dropped by the firewall?

I frequently have people coming to me asking if I can check if a connection is dropped on the firewall.

Allow me to give you an example:

We have a trunk setup between a cisco callmanager and one from Alcatel. All traffic between the 2 systems flows thr

...

pieters by Not applicable
  • 3213 Views
  • 1 replies
  • 0 Likes

DHCP - Not setting Subnet, issues with PXE Boot

We are having an issue with our new Palo Alto 2050.

We are using the DHCP server on the 2050 in conjunction with a PXE to iSCSI system.

Using a different firewall/router with integrated DHCP server - the system works fine.

With the 2050 - it doesn't.

We

...