General Topics

least privilegews needed for the auto backup admin account

I have a SNMP server doing a backup regularly of my firewall's configuration.
At present, I have super-user permissions on that account. What are the least privileges needed for this type of account? also, any best practice to protect the access?
thank

URL filtering behavior when used in conjunction with web proxy

Hello guys,

I'll make it as short as possible. The summary of our system is below.

• Client PCs use must use an internal web proxy ("Proxy" in the diagram) when they want to access the internet.
• The internal web proxy then forwards the proxy connection t

how can I generate url logs for an allow rule with url category selected but not url filtering prof?

how can I generate url logs for an allow rule with url category selected but not url filtering prof?

Firewall receiving a HTTP 401 error when trying to access the Minemeld server

Hi All, 

I've configured an external dynamic access list with the relevant account username/password to reach our minemeld server. When I test the connection however using 'test source url' in the external dynamic list configuration, this fails wit

6.1.3 update issue: Threat database handler failed

Hey all-

I tried updating a test box to 6.1.3 and encountered the error in the title. Per other threads, I tried manually downloading the latest content version and installing but it resulted in an error during install.

Has anyone else encountered thi

Panorama pushed zone not applied to subinterface

Its a new firewall, with 2 interfaces in AE, zone configured and pushed through panorama template.

When configuring L3 sub-interface for this AE interface, i can configure ip, vr but the security zone would not get applied to it.

Both firewall and pano

Mac taking very long time connecting to global protect gateway and sometime they gets dropped

Mac taking very long time connecting to global protect gateway. We are using the clinet version 4.1.11-9.
Pre-log on always on VPN.  It tries and tries until it connects. Sometimes it drops the VPN and tries to reconnect. All I see suspicious  from th

show objects registered-ip all

What does the below mean:

received from user-id agent  #: persistent

I'm finding that some addresses are registered to a tag that I don't believe I've created, - a "Palo-URL-and not entirely sure where it came from.... however I'm reading that a rest

Group mapping settings not listing AD groups in GUI

Hi, 

I am trying to configure user-id based authentication in Palo Alto 5220 (Pan OS 9.0.2). I have integrated Palo Alto with AD using LDAP profile. I am not able to add the AD groups in the "Group Include" list as they are not being listed in the GU

3rd Party device connectivity with PAN 10G transceivers.

Has anyone used the PAN-SFP-PLUS-CU-5M twinax cables and connected them to Cisco Nexus 5500 series switches?  If so did everything just work?