General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Management of multiple devices in Panorama, what is shared ?

Hi,When managing multiple PA devices in Panorama, what information is shared ? I know it is possible to create device-groups, but this is only used for security policies.What about NAT, QoS, SSL decryption, Captive Portal, Policy based Forwarding ?And ofcourse settings for AD/LDAP/RADIUS servers ?RegardsFlorian

Resolved! How do we limit download traffic for specific applications?

We currently have a 7/7 mbps connection. We have a few applications that need download traffic to be limited to 4mbps. Is there a way I can do this?

Basic multiple-WAN-IP networking question

Some background, I am coming from a Sonicwall (which I'm not a big fan of, but I'm familiar with it) and I also have experience with the open-source pfSense system. I'm not super-knowledgeable regarding subnetting, but I have a basic understanding and I get how CIDR works and the correspondence between "slash-notation" and the typical decimal d...

Blocking bittorrent traffic

Hi,I have just found the time to start learning about our new firewall. As a test I have tried creating a policy for blocking bittorrent traffic, but it seems to have only limited effect. Transmission still happily downloads the torrent although I can see from the logs in the firewall that at least some of the traffic is being denied.Am I doing ...

Uknown-tcp in application based policy logs !!

Hi,I'am using PAN-OS 3.0.9, and i have configured some policies in witch i allow some applications defined by application override. I noticed that in the logs associated to this policies, there are lines that are identified as "unknown-tcp" with action :"allow" and type "end", is this normal?Normaly the firewall should not allow this connexions ...

No version info in Virus install from panorama

Hello,When doing app/content installs it shows what version is installed on the end device, but when doing an anti-virus update it does not so you have to keep track of which ones were done. Is this a bug in the software or what do we need to do in order to fix this?Thanks,Doug

Using an explicit L3 interface for captive portal web form in PAN-OS 3.1.2

Hello,I noticed this in the PAN-OS 3.1.2 release notes :Captive Portal Session Enhancements – The captive portal web forms method of authenticatingand identifying a user’s IP address has been modified to include a session cookie. This sessioncookie is used to maintain the user to IP mapping as long as the users’ browser remainsrunning. In additi...

No logging from firewall to Panorama

We have panorama installed and 10 firewall devices, reviewing the logs today noticed that only getting logs from two of the devices even though I can install app/content and virus definitions to all of them so communication is working fine. Anybody have any ideas on why we are not getting any of the logs?Thanks,Doug

Monthly PDF Summary Reports

Is there a way to take the daily PDF Summary reports and "roll them up for a monthly" report and send this to email?

Authentication for educational site, before being controlled by PAN

What I'm after is a system that acts as a RADIUS server to authenticate both wired and wireless users over the network via EAP. The network will then authenticate the user and allow them access to specific VLANs, depending on the user and what machine they are logged on to. Some possible scenarios:Staff Member without admin rights:- If they ...

SSL VPN Configuration - HELP!

Hi All,I have been strugeling to get set up the SSL VPN on v3.1.3I have managed to get the page to login appearI have managed to be able to loginI have been able to dowload and get the client connectbut for some odd reason it will not communicate to the network !!! :smileyconfused:I have followed the article on the VPN connection on this site, I...

SSL-VPN with Ldap

I´m trying to configure ssl-vpn to authenticate users in ldap server or locally with imported users from Ldap via PAN. The only way that I’ve successful login´s is when I create a local user in Palo Alto firewall. I´ve got connection to Ldap servers, and in system log it appears User 'xpto\administrator' failed authentication. Reason: User is no...

Resolved! Captive Portal Logout URL

When using captive portal in vwire transparent mode, the PAN device presents a custom URL for the logon page. Is there an associated URL that can be referenced to log a CP user off? This would of course only be for the source IP address of the requestor. Just curious really as a particular scenario I am testing requires a significant inactivi...

Resolved! historical user active reports

Can someone tell me how far back you can expect to be able to run a user activity report ?

Resolved! Sawmill with PAN URL logs

Hello,has anyone integrated PAN URL logs successfully with Sawmill for detailed reporting?Would need some help on that given that we need to get browse time per user.thanks

Discussions