General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Palo alto not blocking a URL

Hi All,

 

I hope all are doing well.

 

I am trying to block a URL on palo alto firewall using custom URL category but firewall is not blocking the traffic and its passing through allow SSL/Web-browsing rule just below it.

 

This is the rule i created:

 

Rule

...

Ankurdatta_0-1594630363624.png
Ankurdatta_1-1594630694984.png

GP password expiry error

Some of our users are getting password expiring msg when they are connecting via GP but when we checked their ldap accounts the password is set to never expire.PANOS version is 8.16-h2 and Global Protect Agent is 4.1.10 is there is bug.Please suggest

...

Joshan_Lakhani_0-1594884592222.png

Site disconnect and backup issue

we get a lot of site disconnects and backup reports that are constantly in a state of being disconnected this will effect performance as the connection gets closed. please advice. thanks

Resolved! Command to Not Display Names in the CLI?

In the Cisco ASA at the CLI there is a command to not display names but their IP addresses: no names.

Is there a similar command in PAN-OS; I'm using v 8.1.13? My goal is to list/export NAT policies without names as the individuals who will review thi

...

TCP-RST-FROM-CLIENT

Hi,

 

I have allowed a FTP session. However, the FTP session does not connect. When I search the logs, the traffic is allow however the session end reason is tcp-rst-from-client.

 

Please advice.

 

Thks and Rgds

AhDon79 by L0 Member
  • 36853 Views
  • 14 replies
  • 1 Likes

global resource counter appid_post_pkt_queued

Hello,

someone know what means this counter increasing?

appid_post_pkt_queued    4294967293 826432036 info      appid     resource  The total trailing packets queued in AIE

 

and this?

dfa_sw                   4415      849 info      dfa       pktproc   T

...

Marivi by L2 Linker
  • 3206 Views
  • 1 replies
  • 0 Likes

any solution to keep tracking user IP mapping?

One of my customer is requesting me to track user IP address when he move from his desk to meeting room, and vice versa.

He carries his laptop, he use same ID account on AD, but his IP address will be changed when he moves around.

 

I know he needs to g

...

emr_1 by L5 Sessionator
  • 4322 Views
  • 3 replies
  • 0 Likes

Resolved! What can I do with a Global proect subscription?

(posted this in the global protect forum, but this seems to get more traffic, and maybe more suggestions, so I moved it here)

 

So I'm about due to retire my old 3050's and upgrade to 3250's - and this time I've convinced management to buy me the globa

...

darren_g by L4 Transporter
  • 4535 Views
  • 6 replies
  • 0 Likes

traffic segmenation affect app-id

Hi

 

So I am working through a ssl decrypt issue with PA support. I am being told that because the stream is being segmented - so not coming as 1500mtu packets. the PA can't work out what the stream is.

 

The implication is that app-id doesn't work prope

...

Hardware Problems in PA 3220

I had similar problems in 4 firewall pa 3220 in which I could not even enter maintenance mode to take it to the factory reset mode and I had to send them via RMA to the 4 firewalls  for their change. Someone had a similar problem ,  to me a lot of at

...

URL 9.0 URL Category Cache Build Time?

How long does it take for the URL categories to build in the 9.0 release?   We have an issue with google-base app, where almost all google searches come back as the 'not-resolved' category for the first 5 minutes when we change datacenters.   8.1 you

...

Sec101 by L4 Transporter
  • 2738 Views
  • 2 replies
  • 0 Likes

Resolved! Shadow Rule Notice - Really Not a Shadow

I have a firewall (lab unit) with version 9.1 and I configured two Security Policy Rules.

The top rule (1) is Trust to Untrust, a source user is a group, all default options, and an Action of Deny.

The second rule (2) is Trust to Untrust, a source user

...

  • 23591 Posts
  • 103 Subscriptions
Top Solution Authors
Top Liked Authors
Labels