General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Custom Report and User ID

We are running PA 2020 with Software version 3.1.6. We noticed when we run custom report with user ID , the logs mix-up Source Host address. For exampleA week ago I logged in with a computer name Laptop 1 for a day , and past 6 days I logged in with a computer name Laptop 2. This morning when I ran a report with my user ID just for yesterday , ...

ssarcar by Not applicable
  • 3166 Views
  • 3 replies
  • 0 Likes

translation vs url block/threat block

Hi,I just came across something quite interesting. A user needs to be able to translate a decent url, but by default translation is blocked by PaloAlto. Once you configure PaloAlto to allow translation, you can actually go into google translate, and translate an adult website into another language and view it within Google translate's page. My q...

Load Balancing Using Dynamic Routing

Is it possible for the PAN to load balance sessions across two equal cost default routes establish in an OSPF process that the PAN firewall participates in?If not, can this be accomplished through BGP?We have one ISP with two connections to the Internet, each with it's own router. We would like to participate in dynamic routing and accomplish s...

nsteffens by Not applicable
  • 3041 Views
  • 1 replies
  • 0 Likes

Traffic forwarding based on security policy?

We have been trying to troubleshoot an issue for a couple weeks now. We seem to have found the issue, but it doesn't make sense. I'm hoping someone can shed some light on this:First off, we have a pair of PAN-4020's in HA @ 3.1.9.I'm going to oversimplify the situation, but I think the logic will hold:Segments A, B and CSegment A is a user seg...

bhelman by L2 Linker
  • 4146 Views
  • 4 replies
  • 0 Likes

Cannot browse nat webpage internally in lan

Hello All,We have some internet facing servers who has NAT public address.1) Externally we can access the public address of the server.2) Internally on our LAN, we cannot access the public address of the server, it timed out. However the appliance monitor tab shows accept, nothing was denied.The policy rules i set wasAny to Any - Server_...

mmxong by Not applicable
  • 2939 Views
  • 2 replies
  • 0 Likes

Resolved! System Log monitoring via email?

Is there a way to have notifications sent on system log events, either via SNMP or email, in 3.1.8?Perhaps I am just not seeing it in the config, my apologies.Thanks.

KGC by L3 Networker
  • 4498 Views
  • 2 replies
  • 1 Likes

Antivirus job failed

Dear Sir,I am getting above error message in my logs even though the Av update has taken palce. Ths is 2nd time i saw the messgae in the log.And also I can see some unusual logs in the logs. pleasee see the attched log file.Regards,Asanka

Asanka by L2 Linker
  • 7988 Views
  • 7 replies
  • 0 Likes

Resolved! URL Catagories Report

I have several URL filtering policies defined on the objects tab with my PA-2050 and would like to be able to dump that information into a report / spreadsheet for my manager etc. Is there a way to do this? It would also be benificial to me so that I can check my policies against each other. If there's a command line way to dump that config o...

SSL Renegotiation Denial of Service Vulnerability

Hi All,I have received an Alert for SSL Renegotiation Denial of Service Vulnerability.I have visited the website, and for some reason, Palo Alto thinks i am the attacker,and the website i am visiting is the victim.I have attached screen shots of this issue, please help me in understanding this issue/threat.I am not sure how to treat it and why P...

Resolved! Multiple DNS Names SSL Certificate

Hi All,Hope this is an easy one to answer.I have a customer that requires that the SSL-VPN have 2 fqdn names associated with iti.e.https://vpn.company-A.com = 196.1.1.1https://vpn.company-B.com = 196.1.1.1How would i over come this as I can only allocate a single certificate to the VPN portal ?CheersMarc

File transfer Issue - PA5050 (PAN 4.0.2)

PA5050 device with PANOS 4.0.2 in L3 mode: - There is created a single interface AE1 (6x physical interface in LAG); - There is createsd 100 L3 subinterface with VLANS tag on interface AE1; - The device has a one rule "allow all" (test environment) with profiles SPYWARE, AV, VULER, URL, DATAFILTER - all in logging mode.The device works fine with...

darkfibre by Not applicable
  • 4980 Views
  • 4 replies
  • 0 Likes

Dynamic URL database updates failing.

Folks.I haven't been able to connect to the URL database update server for nigh on two days now - all other updates are working fine.Does anyone know if there's an issue, or is anyone else experiencing a similar issue?Cheers

dagibbs by L4 Transporter
  • 4092 Views
  • 2 replies
  • 0 Likes

RADIUS authenticated SSL VPN users in policy

Is is possible to define a "source user" in a security/QoS policy as a username/group that was authenticated by RADIUS? Basically, the need is for users coming in via SSL VPN to have specific security policies assigned to them based on username or RADIUS group membership.

pflanagan by Not applicable
  • 3792 Views
  • 2 replies
  • 0 Likes
  • 24402 Posts
  • 123 Subscriptions
Top Solution Authors
Labels