General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Global Protect portal Config selection criteria combination of User group/device check/custom check?

I'm guessing others are combining these together, but is it possible to specify these together mix/match? Specifically, We have configs without a custom check (custom checkmark box UNchecked-portal/agent/configs/config selection criteria custom checks), and that are only based on AD group. But when I turn on custom checks for a different agen...

Sec101 by L4 Transporter
  • 4182 Views
  • 2 replies
  • 0 Likes

Adding ?v=panosurl to MineMeld EDL brought down our entire network

Just wanted to share this with the community in hopes that it may prevent one from experiencing the hardship that we did. We use MineMeld with our URL filtering rules. We appended "?v=panosurl" to the end of the end of the URL for our General_Block_List with the assumption that it would just reformat the output essentially removing the "http:/...

Resolved! UserID Active Directory multiple VSYS

Hello people, I have a novice question so apologies if it is too obvious to some. I have created 5 vsys and I want to use the same Active Directory server in all 5 vsys (vsys A, B, C, D,E) for userid in policies. The Active Directory is only routable via one of the vsys (vsys A). Does this mean that I should create an interface in the other 4 v...

Jedi_D by L2 Linker
  • 3537 Views
  • 3 replies
  • 0 Likes

citrix web browser application dependency

I have 2 pa 850 . devices was not able to install antivirus update due to application dependencies on web browser. our citrix servers are not set up for web browing due to security concern. is their any other solution available. our pa configuration is bump in the wire. looking for suggestions?

kushalsh by L0 Member
  • 2209 Views
  • 1 replies
  • 0 Likes

Can we configure captive portal for windows machine in palo alto which are in domain?

Can we configure captive portal for windows machine in Palo alto which are in domain? Customer do not want SSO authentication on Palo alto for machine which are in domain, while going to internet.He want captive for traffic going to internet.He want windows machine login authentication via AD, but he want captive portal for Palo Alto for AD user...

Resolved! What is file file descriptor?

Hi.I have a problem with management serves, sometimes when I try to connect to firewall by SSH I can see message "Cannot connect to management server". Process restarts itselft and connection to mgmtsrvr return, mgmtsrvr return to normal resource utilization. I also had a problem with PBP, a lot of packets was blocked by PBP. The software versio...

PA-220 - 9.1.6 - DO NOT UPDATE

Hi guys, We have had 3 PA-220's recently that have all failed and needed to be factory reset when upgrading to 9.1.6. I have a case open to investigate further but this version is still the recommended version which is worrying. Luke

LukeRath by L1 Bithead
  • 7165 Views
  • 8 replies
  • 0 Likes

Site to Site IPSec VPN Configuration to extend Enterprise Network to a remote office

I have two PA800 NGFW running in Active-Standby HA mode and they are connected to a Perimeter Switch. Need an insight about a V-P-N Configuration on my PA that is about to connect to remote office. I am new to this and I brought this here because there is a little bit more/less about this configuration for me. My office and the remote office are...

iscofate by L0 Member
  • 4496 Views
  • 1 replies
  • 0 Likes

Panorama custom reports hang

Custom reports on my Panorama (9.1.6) were working fine until this week. Today, any report i run gets stuck in "please wait" indefinitely. Nothing has changed on the machine. Any ideas what i should look for?

Resolved! Local user Identification issue

As per the below mention snap-shot, we observed user id get changed with AD user and we have allowed the internet access to local user id which is configured in Palo Alto. Due to issue user facing internet issue. We have not configure this user in AD domain, then how user id gets change in the Palo Alto automatically ? While authenticating via ...

Capture Local user Identification issue.JPG

Resolved! Schedule cli command execute

Hi all, I need schedule some cli command which i execute manually from SSH console like below; Command line 1: test vpn ipsec-sa tunnel Xtunnelname:XtunnelProxyIdCommand line 2: test vpn ike-sa gateway Xtunnelname Is there any way schedule tasks in palo alto? Regards.

Lacrymae by L1 Bithead
  • 4804 Views
  • 2 replies
  • 1 Likes

Failed to Launch Help warning pops up randomly while connected to GloabalProtect(5.1.5)

Hello everyone, most lately have started seeing a warning messaged "Failed to Launch Help" pop up randomly while connected to GloabalProtect(5.1.5). Tried looking for KB Articles around it and could not find any. Was wondering if I could get some insight on what could be causing this and how to get rid of it? Thank you,VC

changing AD user passwords through globalprotect app

Hi Community, I have the following scenario:user_1/password_1 Active Directory credentials for login into windows system and domainuser_2/password_2 Active Directory credentials only for globalprotect authentication. I´d like to know if there is a way to change the password_2 for user_2 through the GP agent application? Thank you!

Carracido by L4 Transporter
  • 2241 Views
  • 1 replies
  • 0 Likes

Resolved! PAN 5050 DDNS

Hello Team, I moved up from Fortinet/Ubiquity, bought a used PAN 5050 and upgrade the OS to 8.1.18 for a Home Use. However, since i am new to PAN during the configuration i realized PAN 5050 does not support DDNS. In my case i am home user I don't have a Static IP. As you all know, having Dynamic IP is a pain for almost all firewalls and limited...

KurdTech by L1 Bithead
  • 3547 Views
  • 3 replies
  • 0 Likes

EDL URL List Format and Subpages

I understand that for an EDL of type URL, the format is either company.com*.company.com This will include any additional subdomains, whether at the beginning or the end of the URL. Regarding the forward slash, will a URL like the following be a valid entry that will be processed? company.com/subpage/QWERTY/ Additionally, does that mean only th...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels