General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Log quota utilization

Dear All, We have deployed a PA3220 firewall. Please let me know a command that I can use to check how much utilized from allocated quota for traffic log and I know I can use >show system logdb-quota to check retention date. I am looking a for a command similar to this that gives how much have been used from allocated quota. I would really ap...

Resolved! CLI to create Address Object and Address Group

I need to create 800 IP address and Address group into Panorama. May I know what is the CLI command able to help me to do it ? I have tried below command but return as invalid. set device-group D-DMZ address H-xx.xx.xx.xx ip-netmask xx.xx.xx.xxUnknown command: set #CLI Panorama

JiaXiang by L4 Transporter
  • 9081 Views
  • 2 replies
  • 0 Likes

TS Agent is not working

I have installed TS Agent v10.0.0 software (x64 bit) on a Windows server in a Citrix environment. I have also configured on the Firewall the IP address of the TS Agent Server, I have allowed the firewall policies to grant access from Firewall to TS Agent server, and I can see the traffic is allowed. However, the TS Agent server is not connected...

njideobi01_0-1643791358353.png
njideobi01_1-1643791646337.png

PANOS 10.1.2 TACACS stops responding - needed reboot

I have an issue I was hoping to get some feedback on. I manage 27 different Palos and also Panorama. I have one FW that stops responding to the 2FA setup with TACACS+. All the devices are the same configs and all running 10.1.2 code. A simple reboot solves this (Band-Aid). I am curious if anyone else has seen this behavior?

mscaggs by L0 Member
  • 2181 Views
  • 1 replies
  • 0 Likes

Palo Alto admin UI single sign on with Okta

Configured the Panorama SAML authentication for Admin UI SSO integration with Okta.I followed the Okta/Palo Alto single sign on setup instruction. Here SP(Palo Alto) will initiate the SSO and Okta will acts as an IDP.https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Palo-Alto-Networks-Admin-UI.html?baseAdminUrl=https://gpmedicare...

Resolved! Adobe cloud whitelisting

I found some docs on whitelisting for adobe cloud which could be handy: Includes a whitelist: https://helpx.adobe.com/content/dam/help/attachments/Creative_Cloud_for_enterprise_Service_Endpoints.pdf Background http://wwwimages.adobe.com/content/dam/Adobe/en/devnet/creativesuite/pdfs/ControllingSvcAccess.pdf It could be handy to have this...

chirss by L3 Networker
  • 17172 Views
  • 4 replies
  • 1 Likes

Nat out to internet with overlapping subnets in two separate virtual routers

Below is an example diagram of my scenario. We have a subnet that is part of our production network, and then we have the same overlapping subnet for testing and disaster recovery which exists in a separate virtual router. I've oversimplified the drawing, so hopefully this makes sense. For testing purposes, the overlapping subnet in virtual r...

Screen Shot 2022-02-02 at 3.36.37 PM.png
buck1 by L1 Bithead
  • 6899 Views
  • 5 replies
  • 0 Likes

Resolved! User-ID - LDAP - Different domains at samAccountName and userPrincipalName

Hello all, the following problem: A Sub-AD-Domain in a forest with different domains at samAccountName and userPrincipalName. samAccountName: domain01\user01userPrincipalName: [email protected] Dial-in with Global Protect via SAML with [email protected] PA recognizes user as [email protected]. All rules based on User-ID don't work, because...

Daniel_Treutle_0-1644137123103.png
Daniel_Treutle_1-1644137168688.png

Panorama VM - Decrease Size

Hi Community, I got a customer who has a VM Panorama with 1 TiB of local storage.Now we have a SIEM solution installed, where the long-duration logs are stored, so the Panorama disk storage is oversized now. I know there's a guide to add disk space to Panorama VM, but no solution to decrease space. Does anyone know, if there is a solution to def...

Chacko42 by L4 Transporter
  • 3638 Views
  • 3 replies
  • 0 Likes

GloablProtect WFH Split Tunnel Domain-Include issue

this semi coincides with the zoom discussion I've setup Split tunnel and added a bunch of domains *.whatever.com into the split tunnel include domain tab. This works half the time and the other half not at all. I've tested on mac and windows. I'm also seeing zoom traffic across my vpn tunnel even though I have excluded the domain names and zoom...

Resolved! Any way to throttle MS Updates

All of our instant clones decided to update this morning and it's killing my Internet pipe. Is there a way I could limit the amount of bandwidth us for MS Update? Something fast and easy?

palomed by L3 Networker
  • 6499 Views
  • 3 replies
  • 0 Likes

Resolved! vSE Summit 2022 invitation

Hi everybody, I just received an invitation to the "Palo Alto Networks vSE Summit 2022" sent from Jeremy Behrle, but I'm not sure this is an official Palo Alto Networks or PAN Partners' event. Searching into the Palo Alto Networks event calendars, I'm not able to find anything about this particular event: https://www.paloaltonetworks.com/resou...

grenzi by L3 Networker
  • 3444 Views
  • 2 replies
  • 0 Likes
  • 24395 Posts
  • 123 Subscriptions
Top Solution Authors
Labels