General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 279 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3603 Views
  • 2 replies
  • 14 Likes

User-ID Agent not mapping users

Hello,

 

Im trying to configure User-ID Agent.

 

Dedicated users is created, with details acroding to: Create a Dedicated Service Account for the User-ID Agent (paloaltonetworks.com)

Agent version: 10.0.4-23

Agent is installed on Windows Server 2019.

DC's a

...

mgwozdz_1-1644489742592.png
mgwozdz_2-1644489787346.png
mgwozdz by L1 Bithead
  • 1804 Views
  • 1 replies
  • 0 Likes

Path Monitoring Static Routes

Hello All,

 

For some locations we have 2xISP setup, since we have no dynamic peering with any of those, we do a default static route via each of those. Having 'ECMP/Source IP hash' enabled it works just fine in a lab. We also do path monitoring for ea

...

Dynamic DNS Bind server updates from DHCP

Curious if the PA-3220 we are looking to use can dynamically send DNS updates to our Bind9 server whenever a DHCP request is granted from our PA DHCP scope we've setup? I know we can get a linux version of DHCP on our Linux server, but would rather l

...

tfleming by L0 Member
  • 1787 Views
  • 2 replies
  • 0 Likes

Decrypted traffic via firewall.

I don't have any decryption policy configured.
But I see port -443 traffic has decrypted flag yes in Traffic logs.
Is it normal for firewall to decrypt 443 traffic even when there is
no decryption policy?

PANOS0-9.1.10 VM-300

API URL Logs Issue

In the below code - I"m using the API to query the URL logs. It works great.

What isn't returning though is the src.user field, if it's mapped. How can I get this value? Do I need to do a separate query?

 

# Build PAN API Connection and get token pan_co...

mehixiyo by L0 Member
  • 1320 Views
  • 1 replies
  • 0 Likes

Apply TS Agent config automatically in FW

Hi,

 

We are expanding our CITRIX platfon in which we have installed a Palo Alto TS agent to monitor. So to avoid introduce manually the TS agent config in Pa (IP, port,etc) each new citrix. Is there any way to send the config to PA to do ir automatica

...

BigPalo by L4 Transporter
  • 1256 Views
  • 1 replies
  • 0 Likes

FW loses user mapping stop matching rule suddenly

Hi,

 

We are having a strange issue in our FW. User in VPN-SSL reported the stop working. The issue doesnt have any pattern. Random users, random time-range. 

The issue is solved when the customer force to reconnect the VPN or force pass the HIP check i

...

hipra logs.JPG
BigPalo by L4 Transporter
  • 2725 Views
  • 7 replies
  • 0 Likes

Patching One HA fully then the next.

If patching a HA pair to the next Major version i.e. 9.0.6 -> 9.1.0  is it safe to patch one of the pair all the way to 9.1.0 (minor versions and major versions) 

 

And then fail over and do the other firewall to bring that up to latest minor and final

...

Resolved! Global Protect Hip check iOS UDID

I'm looking for some feedback on the UDID HIP check for iOS devices.  Currently there is no way to pull serial numbers from the Apple iOS platform unless you connect a compatible MDM solution to the PA.  There is however a way to pull the UDID or ( u

...

Danross_0-1644850516993.png
danoman2 by L3 Networker
  • 3773 Views
  • 4 replies
  • 0 Likes

Routing Table size on PA appliances

Hello All,

 

We are looking into use PAs as routers on some of the sites. This will entitle us to accept BGP routes from Prisma and OSPF from internal routers. That's the reason I would love to find out if there's a limit (I am sure there is) for ammou

...

  • 24175 Posts
  • 100 Subscriptions
Top Liked Authors
Labels