General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4115 Views
  • 0 replies
  • 0 Likes

x-forwarded-for and User Identification

We have configured x-forwarded-for flagging along with the User Identification. Traffic logs from a tap upstream of a (squid) proxy carry the x-forwarded-for flag, but the IP is not resolved to a user. Is this expected behaviour? (i.e. is ip-to-user translation supported in reference to x-forwarded-for?) Many thanks in advance.

User-ID not detecting logged off users?

I have the User-ID agent configured and working nicely, however I just noticed a few entries in the URL logs showing for the domain user who last logged on to one of our PCs when I know that the PC is currently logged on using a local account rather than a domain account. I guess I've missed something?

SSL Forward Decryption - Understanding Override

I'm looking at the pros and cons of enabling forward decryption. I noticed there's an "Are you happy to continue" over-ride option but it's global, i.e. it's simply on or off. I assume this won't play nice with any non-browser based https downloads? Also I couldn't work out if you say "yes" what constitutes a session, for example I went to https:/...

Which variables are allowed in response pages?

According to Custom-Block-Pages-TN-revB.pdf the variables available are: <user/>, <url/>, <category/>, <appname/>, <pan_form/>, <fname/>. Where <pan_form/> can only be used for captive portal and url filtering continue and override page. But what about the others? Later in the same document there is a table that claims...

rps by L3 Networker
  • 3416 Views
  • 1 replies
  • 0 Likes

Resolved! UIA

How to download User Identification Agent?

Can a PA replace data in a stream?

PA has support for data filtering, but is it possible to also, when a rule is triggered, replace the data and pass it through? Like exchanging "User-Agent:" in all http-requests (where User-Agent exists in the header) into a common User-Agent string, or for that matter completely remove data in a stream (let's say if you want to remove "Via:" he...

rps by L3 Networker
  • 2368 Views
  • 1 replies
  • 0 Likes

Resolved! User Identification Agent with Active Directory

I know that PA Firewall uses MGT interface to connect to User Identification Agent. I know that most of the other services can be set to use any other interface with the "Service Route Configuration" commands. Is there any method to use any other interface as a source for communication with User Identification Agent? Thanks in advance.

Resolved! Logging - Best Practise?

What is considered "best practise" to get useful logfiles should the need arise to go through them? The default seems to be CSV of source and destination IP/User but, for example, how would I get the URL visited since 99% of the time that is the bit we would be looking for, or would recognize more than an IP address? I guess it could be done by us...

False Positives problem of anti-virus

Hi, I received a virus block message (Client-IRC/IRC.mirc.0113) when entering the following URL: http://pmb.update.sony.net/SPU/SPUDownloadManagerInst.exe But this file was passed by other virus scan software (Sophos). Was it a false positive or not?

Resolved! Creating Custom Applications - Dummies Guide?

Is there a dummies guide to creating custom applications please? We have a couple of "in-house" apps that always pass traffic on certain ports, always to/from a certain IP range, and I'm struggling to see how to put "something" in place that says "If this traffic is between source A and destination B and is on port XYZ it is CustomApp"? Equally we ...

Dynamic Update Failing

Within Pano and direct on 3 PAN devices - I am receiving the below error when attempting to download yesterday's threat update. I am going to try a manual upload. This is the first time this event has occurred. Are there any issues with downloading content from corporate since the release? Thank you. Failed to download. Please try again la...

MGoodnow by L4 Transporter
  • 5763 Views
  • 5 replies
  • 2 Likes

Simply correlate threats and URLs

I'm surfing through different threats (virus, spyware, etc.) in the monitor windows and in some cases I find in the other field the URL where it came from, otherwise most of the time I just see the source/destination IP. My question: is it possible to correlate URL and threat? If yes, how, apart from the timestamp combined with sessionid? Thanks B...

asecus by Not applicable
  • 3640 Views
  • 3 replies
  • 0 Likes

Resolved! Path-Monitoring Virtual Wire

Hi everybody, PA-2050 Software: 3.0.5 We have configured a Cluster and want to use path monitoring over a Virtual Wire. The source IP must be an IP in the same subnet as the destination IP? We have implemented a Virtual Wire in a VLAN tagged environment. Is it possible to add a tag if we want to use path monitoring in this environment, or is it only po...

indevis by L2 Linker
  • 5314 Views
  • 1 replies
  • 0 Likes

Resolved! SSL VPN - DHCP Relay and Deny lists

Is there a way to configure the SSL VPN to rely on DHCP relay instead of using its own internal IP pool? I thought enabling it on the public interface might work, but I don't really like the thought of anyone in that same segment getting one of our private IP addresses. Also, is there a way to explicitly deny a user or group access to the SSL V...

jdorland by Not applicable
  • 3353 Views
  • 1 replies
  • 0 Likes