This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

HA - Link Monitoring

Hi,I´m testing the HA configuration of our firewalls and experience unexpected behavior.If both HA members experience link down errors, we want the appliance with the most active links to be active.In the "PAN-OS HA - Understanding PAN-OS HA states, timers and loops" document I found this:"If both the active and passive devices experience multip...

asieber by Not applicable
  • 4857 Views
  • 4 replies
  • 0 Likes

Applipedia - search by port number?

Does anyone know if it's possible to search for an application by port number instead of name, to see if you can find a match?I have some connections using an application that shows a known - and recognised - PORT number when I run a packet capture, vis-a-vis12:49:53.009216 IP (tos 0x0, ttl 128, id 47750, offset 0, flags [none], proto: UDP (17),...

dagibbs by L4 Transporter
  • 3937 Views
  • 3 replies
  • 0 Likes

FTP over HTTP

Hello,I need to block FTP communication - however, I do not want to block downloads that come through a browser - which can utilizes FTP over HTTP. Would this configuration theoretically work? Curious if anyone has made that work - before I get into testing mode.Rule1 - any/any - FTP Application - HTTP Service/Port80 - ALLOWRule2 - any/any - FT...

MGoodnow by L4 Transporter
  • 9027 Views
  • 8 replies
  • 0 Likes

Reporting for management..

I'm having some troubles coming up with a clean report that will tell my employer the highest number of concurrent users on the PAN each day... Anybody write one? Trying to filter out the nonsense seems to be the problem. I just need to see "at X PM xx users were connected and surfing".

kazjak by Not applicable
  • 2124 Views
  • 1 replies
  • 0 Likes

Resolved! Firewall Roll back interface lights go away

Hi All; I have a pretty big problem with a PA500.1) Commit times are 4-5 minutes. Though other PA500s we have commit in roughly 30 seconds to a minute. Could this be a hardware problem? It's only running demo traffic.2) When trying to roll back from version 4.0.5 to 3.1.10 it has an autocomit job that fails, restarts and fails in an infinite lo...

amansour by L4 Transporter
  • 3059 Views
  • 2 replies
  • 0 Likes

Captive Portal as a AUP accept page for internet access?

Hi All,Could I use the Captive Portal, as a way of displaying an Acceptable Use Policy ( AUP ) that users must accept, before gaininginternet access?To make this as seemless as possible, is it also possible to not have to require the entering of username/password combination, as the user would have already been authenticated by User-ID?

KatanaNZ by L3 Networker
  • 3395 Views
  • 2 replies
  • 0 Likes

Resolved! Extract SSL VPN MSI in 4.0

I see there's a document for extracting the SSL VPN MSI installer for 3.1 and earlier code: https://live.paloaltonetworks.com/docs/DOC-1398Is the procedure the same for 4.0?

pflanagan by Not applicable
  • 2577 Views
  • 1 replies
  • 0 Likes

Resolved! Signature Review/Modification

I tried searching through the discussions but didn't see anything regarding this. Is it possible to see what the actual threats are matching on? Essentially what their signature is so I can make a more accurate analysis of the validity. For example, Scripts/Win32.Rsrc.o is classified as a Medium severity virus threat. The description is simply "...

No user names in the PA appliance

Still no user names in the PA appliance. from PAN-Agent debug:[skipped]2011 09 21 16:55:16, AddEntryUnknownTableSafe 192.168.207.1002011 09 21 16:55:16, User Enumeration, IP: 192.168.207.100, Username: MERVIN$, Domain: companyname2011 09 21 16:55:16, User Enumeration, IP: 192.168.207.100, Username: __vmware_user__, Domain: MERVIN2011 09 21 16:55...

goldandy by L2 Linker
  • 2581 Views
  • 2 replies
  • 0 Likes

Resolved! Generating reports with user display name ..

Hi ,currently am using the pan-agent for integrating with active-directory and the integration is fine, the issue is it only displays the username NOT the display name where it could affect the reports .for example username : sales_1 --> display name : John ... in the reports it will show sales_1 not john, so is there a way to override this i...

Multiple External Interfaces

Hello,I have a pan 4020 that will be replacing multiple firewalls. The internet side of the firewall has a /25 network. I have a corporate network that has an external interface of x.x.x.2/25 in the Internet zone and a guest wireless network that has an external address of x.x.x.3/25 in the Internet zone. The corporate network has an internal ...

No result from "show user pan-agent user-IDs" command

Dear All, I just install pan-agent on my AD, windwos 2003 server, and configure PAN box to connect to this pan-agent. I can see traffic with user from AD server. I found result from command " show user ip-user-mapping all". I can list group of AD with command " debug device-server dump user-group name". However after I run command "show use...

Logging to Panorama over a WAN Link

We have a remote location that connects back to our corporate office via a WAN Link. At this remote site, we have two clusters of Palo Alto Firewalls that are pretty heavily utilized and produce around 1+ GB of log per day. We are preparing to deploy Panorama at our Corporate location to manage all of our PA firewalls. We would like to send t...

Milamber by L1 Bithead
  • 4441 Views
  • 6 replies
  • 0 Likes

Is PAN-agent supported for win7?

Tried to install pan-agent 3.1.2 in Win7 32bit workstation. Installation is ok, but after that I see "Please start PanAgent Service first" in the Agent Status (but the same time PanAgentService is running. I tried stop\start service, restart PC - didn't help)So, is it supported? If not - when it will be supported? If yes - what's may be wrong in...

goldandy by L2 Linker
  • 2908 Views
  • 3 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks