This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! Captive Portal authentication against RADIUS with Palo Alto VSA

Dear All,Does everyone happened to know if Palo Alto can recognize the PaloAlto-User-Group (Palo Alto RADIUS VSA) if the authenticated user account is not belong to user group that RADIUS Server return?I want to set the security policy rule and have a test for it.If the user is belong to the user group that RADIUS return, the traffic can be proc...

Resolved! SNMP RFC 1213 (MIB-II) and RFC 2664 (EtherLike-MIB)

Hardware: PA-500Firmware: 4.0.2Page 17 of the PAN 4.0 Admin Guide says:"Simple Network Management Protocol (SNMP)—Supports RFC 1213 (MIB-II) and RFC2665 (Ethernet interfaces) for remote monitoring, and generates SNMP traps for one ormore trap sinks (refer to “Configuring SNMP Trap Destinations” on page 54)."But yet when I do an snmpwalk I do not...

Upgrade issues

Hello,I have a PA-500 device running on PanOS 3.1.4. I try to update it to last release PanOS 4.0.2. (Direct upgrade allowed following the RN)I have no Internet conection yet, also I would like to install it from a local file.I click "Upload", locate my software package PanOS_500-4.0.2 then I click "Install from File" and select my package from...

ldormond by L3 Networker
  • 6882 Views
  • 8 replies
  • 0 Likes

decrypted SSL traffic over Proxy since 3.1.10 slow

Hi folks,since upgrading to 3.1.10 is the ssl traffic (with decryption on the firewall) by squid proxy significant slower as without using a proxy. Not on all websites, but on some the browser needs up to 1 Minute to display the first page.I tried several squid options. Neither in the firewall nor in the proxy logs is any error or blocking annou...

mhuels by L3 Networker
  • 2047 Views
  • 1 replies
  • 0 Likes

Resolved! Creating Reports based on OU

Hello,I need to create custum raports regarding user web activities based on OU from our AD. Is it possible? And if yes how to do it?I was trying to create custum raport and then set user.src in our_ad/group, but it doesn't seems to work.Regards,Piotr Bratkowski

Resolved! User Report to create custom logo

Hi,When I query a custom report, I get Palo Alto log on all pages, I need to replace this logo by a custom company logo.Kindly advise how I can change this logo, so that the final PDF report generates the company specific custom logo.Rgds,Tauseef Ahmed.

ta185020 by Not applicable
  • 2534 Views
  • 1 replies
  • 0 Likes

Commit Failed: PAN-OS 3.1.5

Hi All,Have a PA-500 which is failing on a commit with the following:OperationCommitStatusCompletedResultFailedDetails device: No rule entry definedCommit failedHow can I troubleshoot this further, I am not sure what it would be refering to.ThanksMarc

Allowing the PAN to respond to tracert

I'm able to ping the interface and don't see any denies in the log, but when I traceroute through the PA-500 it does not respond.The rest of the hops do respond, just not the PAN itself.

bjdraw by Not applicable
  • 10278 Views
  • 5 replies
  • 0 Likes

User ID Agent

Hello- I am running PAN OS version 3.1.7. I am running a User ID agent on an application server within the domain but I am not getting complete user ID information in my traffic/threat logs. We have just upgraded to Windows 2008 R2 64 bit domain controllers. Should I install and configure the User agent directly on the DC's for better result...

Resolved! User names not showing in logs, but do show when writing rules

I have a PA500 running version 4.0.5 and a PAN-agent running 3.1.2AD. I see the pan-agent working and connected to the PA-500 when I run the "show user pan-agent statistics" it says I have hundreds of users and all my groups and IP's in the output of that command. However, when I go to monitor the traffic log or any log for that matter, no user...

mnwvpn by Not applicable
  • 4340 Views
  • 2 replies
  • 0 Likes

User-ID users not timing out

I only have a few users currently as this is a new deployment however the very few users I have do not seem to time out. I'm using the latest PAN agent on Win2008 R2.I have users still mapped who haven't been in the office for over 2 weeks. I have myself across about 6 IP's too. I also have mappings to users who are not here.My config is all de...

msnazel by L0 Member
  • 2925 Views
  • 2 replies
  • 0 Likes

Application is Incomplete

In the monitor log, what does it mean when it shows Incomplete under the Application?I am blocking incoming RDP and everything works fine (Action = Deny) as long as it sees it as MS-RDP or T.120 but I am seeing some traffic shown as Action = Allow on port 3389 when Application = Incomplete.How would I block take traffic?

rbrogdon by Not applicable
  • 10408 Views
  • 5 replies
  • 1 Likes

NAT Multiple external IP's to a single inside host

I'm trying to find documentation and/or any help to see if PAN firewalls are capable of NATing Two external IP's to a single host IP.My scenario:ISP1 204.23.123.123 ----------> Internal host 10.10.10.10ISP2 79.23.123.123I have tried searching documentation as well as contacting support and I have not received any...

Block doubleclick.net

Hello,I would like to block *.doubleclick.net because I am suspecting that it is the source of few spyware infections in our corporate network. Has anyone blocked this category of websites in the past? Is there a side effect if I block them (e.g. legitimate websites not loading etc).Kind regads,Andreas

  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks