General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! IPSEC vpn between cisco 2900 and PAN

Hi everyone, I'm trying to setup a route based IPSEC tunnel between my PAN 3020 and Cisco 2900 router. I'm getting a parameter mismatch on on the ipsec lifesize parameter and don't know how to fix it. The Cisco peer appears to be wanting a lifesize setting of 4608000KB but the PAN won't let you set it that high. I've tried setting it with the ...

epeeler by L2 Linker
  • 5887 Views
  • 3 replies
  • 0 Likes

Resolved! Warnings DNS Security

Hello team, I have cluster active-pasive PA-820 version 10.1.0 When I make a commit I recibe this alert " Warning: No Valid DNS Security License" Someone helps me? Regards

Alpalo_0-1631270781892.png
Alpalo by L4 Transporter
  • 4306 Views
  • 3 replies
  • 0 Likes

Resolved! Active directory OU as selection for users security policy

Hello allI am new in Palo Alto devices and PanOS, so here is my questions.Is there a way to select an active directory OU as a source user in a security policy?(Or something else to manage it)Working with Forcepoint they apply policies to a whole OU (and also users and groups) Thanks in advanced

High CPU on the management plane

I am running 9.1.10 on the PA-850. Last night, I replaced the User-Agent Server and pointed the PA-850 to the new UA server. After that, the CPU on the management goes up to 100% and stayed there until I had to reboot the PA-850. I attempted to restart the management server process but that didn't fix it either. After reboot, the CPU on the ...

dtran by L4 Transporter
  • 12357 Views
  • 3 replies
  • 0 Likes

Jio Meet application is not accessible

Hi Team, Today i came up with an issue that i am not able to access JIO Meet application. While i was checking the applipedia website the JIO app was not there.I came up with a solution to create a custom application. Yet not sure which ports are used. Is it possible to share the details so that i can create a custom application with it. ThanksV...

UID setup questions

All, setting up windows based uid agent, looks FW connected to it is fine, but which shows connecting to the DC server.From debug info, 09/08/21 22:05:08:082[Debug 355]: Event: type="server status" name="x.x.x.x" status="Connecting"09/08/21 22:05:08:082[Debug 123]: OpenEventLog failed for DC sin01dc(x.x.x.x) - The RPC server is unavailable. Why ...

AllanGao by L1 Bithead
  • 2419 Views
  • 1 replies
  • 0 Likes

Microsoft Radius Authentication with PA

Hi, I am trying to setup Radius Authentication with PA. I have setup EAP(PEAP) and EAP-MSCHAP v2 on the windows radius server. However I can only login to the firewall using PAP. I have tried to import the certificate from the radius server but not sure why I can't use the EAP or MSCHAP options. Please advice as I am not sure if I am exporting ...

umar00o by L2 Linker
  • 7462 Views
  • 6 replies
  • 0 Likes

Radius Authentication Failure: Timeout

Issue: Authentication failure when using AD Account Log: Authentication Timeout to server Setup:PanOS Version: 10.1.1Panorama is not used NPS Installed on Windows Server 2016Radius Server Profile CreatedAuthentication Profile Created Admin Role CreatedLinked in SetupNPS Client and Policy Created( 25461 - uses created admin role, uses PAP) Teste...

X-Auth IPSEC tunnel for Mobile doesn't work

Hello there:Recently I enabled IPSEC and X-Auth for the GlobalProtect Gateway, hoping to let my mobile users could use remote IPSEC access VPN. But it didn't work as my iPhone kept showing "user authentication failed'. I am pretty sure the configs on both PAN and Mobile are correct. How I should troubleshoot this?I use Radius and 2FA for GlobalP...

FelixXia by L0 Member
  • 4342 Views
  • 3 replies
  • 0 Likes

Resolved! How to graph total number of UDP sessions over time

We're looking at setting up Zone/DoS protection and we would like to have a graph in order to establish a baseline. I've seen the ones within Pano health but those seem to be total numbers. We'd like to be able to see UDP separately. Is there something we can setup in ACC, Reports, etc..?

HA1-Backup connection down

Dear Team, We got the below error continuously, Crosschecked HA configuration is good only. Pan os: 9.1.3 Device: 3020 2021-09-07 08:30:32.699 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2870): Ending monitor increase holdup on commit end2021-09-07 08:30:32.699 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_stat...

VishnuPS by L3 Networker
  • 3926 Views
  • 1 replies
  • 0 Likes

Vpn in Thailand and Asia

Is there anybody working from Thailand using Global Protect vpn?I heard that the country can block vpn connection. While my company's configurations allow me working from Thai.I'm planning to relocate and want to make sure i can work from there.Would be grateful for any information, maybe you heard anything from somebody concerning Thailand or n...

Elena89 by L0 Member
  • 4168 Views
  • 2 replies
  • 0 Likes

issue if there is a one certificate profile for Windows User-ID agents and Terminal Services (TS) agents

As per below image You can only assign one certificate profile for Windows User-ID agents and Terminal Services (TS) agents. We want to enable secure communication only between User-id agent and firewall , so we will import server certificate only in user-id agent. If we apply certificate profile under Device > User-Identification > Connec...

Deepak25_0-1630874133815.png
Deepak25 by L3 Networker
  • 2869 Views
  • 2 replies
  • 0 Likes

CPS calculation per server

'Log at Session End, captures the number of connections at the session end." I am little confused by this statement. How does 'Log at Session End' help in calculating CPS for a server.https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresho...

raji_toor by L4 Transporter
  • 6609 Views
  • 6 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels