General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

GP password expiry error

Some of our users are getting password expiring msg when they are connecting via GP but when we checked their ldap accounts the password is set to never expire.PANOS version is 8.16-h2 and Global Protect Agent is 4.1.10 is there is bug.Please suggest

Joshan_Lakhani_0-1594884592222.png

Site disconnect and backup issue

we get a lot of site disconnects and backup reports that are constantly in a state of being disconnected this will effect performance as the connection gets closed. please advice. thanks

Resolved! Command to Not Display Names in the CLI?

In the Cisco ASA at the CLI there is a command to not display names but their IP addresses: no names.Is there a similar command in PAN-OS; I'm using v 8.1.13? My goal is to list/export NAT policies without names as the individuals who will review this will recognize IP addresses.Thanks for any help. Jeff

TCP-RST-FROM-CLIENT

Hi, I have allowed a FTP session. However, the FTP session does not connect. When I search the logs, the traffic is allow however the session end reason is tcp-rst-from-client. Please advice. Thks and Rgds

AhDon79 by L0 Member
  • 44446 Views
  • 14 replies
  • 1 Likes

global resource counter appid_post_pkt_queued

Hello,someone know what means this counter increasing?appid_post_pkt_queued 4294967293 826432036 info appid resource The total trailing packets queued in AIE and this?dfa_sw 4415 849 info dfa pktproc The total number of dfa match using softwareaho_sw 4410 848 info aho ...

Marivi by L2 Linker
  • 4146 Views
  • 1 replies
  • 0 Likes

any solution to keep tracking user IP mapping?

One of my customer is requesting me to track user IP address when he move from his desk to meeting room, and vice versa.He carries his laptop, he use same ID account on AD, but his IP address will be changed when he moves around. I know he needs to generate EVENT LOG on AD to pick up the latest info by UIA, but I have no idea how to...Does he ne...

emr_1 by L6 Presenter
  • 8861 Views
  • 3 replies
  • 0 Likes

Resolved! What can I do with a Global proect subscription?

(posted this in the global protect forum, but this seems to get more traffic, and maybe more suggestions, so I moved it here) So I'm about due to retire my old 3050's and upgrade to 3250's - and this time I've convinced management to buy me the global protect subscription by pointing out that the changes in the way it operates after software ver...

darren_g by L4 Transporter
  • 6021 Views
  • 6 replies
  • 0 Likes

Refund request for VM-Series Next-Generation Firewall Bundle 2

I have used VM-Series Next-Generation Firewall Bundle 2 (sold by Palo Alto Networks Inc.) in AWS for learning purposes. But it charged me $1,887.32 that I can't afford. In the beginning, When I use these services, the web tells me these are free services for 1 year .and not tell me the VM-Series Next-Generation Firewall Bundle 2 has 15 days-tria...

ZiZiHo by L0 Member
  • 2573 Views
  • 2 replies
  • 0 Likes

Computers in remote clinic need to communicate with on prem server

We have just brought some remote clinics online. We have a point-to-point between our PA5520 at the main hospital and a PA820 at our remote site. We're routing between P2P with static routing at the moment. Data/Voice is working, as the VLANs are on the remote site switches themselves. However, we've been asked to get another VLAN working that i...

Downtown_remoteclincs.jpg
lsaintig by L0 Member
  • 2922 Views
  • 1 replies
  • 0 Likes

traffic segmenation affect app-id

Hi So I am working through a ssl decrypt issue with PA support. I am being told that because the stream is being segmented - so not coming as 1500mtu packets. the PA can't work out what the stream is. The implication is that app-id doesn't work properly unless you have full 1500mtu packets. I thnk my SE is agreeing - not 100% sure. I am a bit lo...

Hardware Problems in PA 3220

I had similar problems in 4 firewall pa 3220 in which I could not even enter maintenance mode to take it to the factory reset mode and I had to send them via RMA to the 4 firewalls for their change. Someone had a similar problem , to me a lot of attention that firewalls with very good MTBF have this type of problem if someone knows something...

Resolved! How can I allow an application on default and a non-standard port?

I have a Security rule that allows Oracle traffic between two subnets. The problem is that three Oracle servers use standard port 1521, and another Oracle Server uses a non-standard port 13062. I know that I need to allow the non-standard port in the rule, but that breaks traffic on the standard port. For now, I have explicitly added the stan...

kcampion by L1 Bithead
  • 6889 Views
  • 4 replies
  • 0 Likes

URL 9.0 URL Category Cache Build Time?

How long does it take for the URL categories to build in the 9.0 release? We have an issue with google-base app, where almost all google searches come back as the 'not-resolved' category for the first 5 minutes when we change datacenters. 8.1 you could just re-download the seed database, and we never had a problem. 9.0 there isn't such a...

Sec101 by L4 Transporter
  • 3443 Views
  • 2 replies
  • 0 Likes

Resolved! Shadow Rule Notice - Really Not a Shadow

I have a firewall (lab unit) with version 9.1 and I configured two Security Policy Rules.The top rule (1) is Trust to Untrust, a source user is a group, all default options, and an Action of Deny.The second rule (2) is Trust to Untrust, a source user is a group (different from above), all default options, and an Action of Allow. When I commit th...

Migrate pa vm to pa 820 facing issues

Hi to all,one of our customer migrated their complete infrastructure from PA VM to PA 820 physical device.post migration they are facing issues like, they have generated report and seeing PA 820 and PA VM as well. but here thing is, customer doesn't want see PA VM. He wanted to see only PA 820 physical device. and it showing, it misses some gap...

RameshD by L0 Member
  • 2697 Views
  • 3 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels