Resolved! Take PCAP from the mgmt interface using the UI
Hi All, Is there a particular reason why this option is only available from the CLI? Thanks,Myky
Hi All, Is there a particular reason why this option is only available from the CLI? Thanks,Myky
I'm using the PA's integrated User-ID Agent to setup User-ID. The moment I began monitoring DC controllers it begain to pull User-ID mappings. This is before User-ID was configured on any zone. However, when I configured User-ID on a source zone, the firewall doesn't getting any user mappings from that source zone. Select IP addresses (approx. 5...
This is a new one for me. My system is showing "active" (in active/passive) but the GUI is frozen and I see the following on the dashboard: PANOS 8.1.9 From the dashboard
I installed the MineMeld VM on my ESXi box yesterday and it came up just fine, I can login to it from the VM Console, the web console, and over SSH. I've edited the /etc/rsyslog.conf file and /etc/iptables/rules.v4 so that syslog data is coming in from the firewall to the /var/log/syslog file. Question: How do I get MineMeld to process the sys...
My company is moving a few servers from an old data center with an ASA to a new data center with a Pal Alto. A lot of the rules for the old server on the old firewall are showing port numbers only. I would like to use application ID as much as possible and don't know how to find out what applications use these ports. I know I can google a por...
I got an issue to update a cert on PA pair.The issue is very similar to what it describes underhttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldECASI import the new cert to both PA FW units and change config to use the new cert. However it comes with config out-of-sync issue and somehow the new cert on passive unit is...
Just a note here that I am getting a cosmetic warning during commit of a newly-upgraded PA-220 (my lab box) to PAN-OS 9.0. Prior to the upgrade, I had a static route in my virtual router, to redirect all traffic going to 192.168.1.0/24 to my tunnel.4 interface (which is an IPSec tunnel to another firewall). The route does not specify a next-h...
we are using Paloalto PA-5220 PAN-OS 8.0.7 virtual firewall. using a third tool we trying to fetch the policies using the command "show running security-policy". when the command is entered it stays still and the policies are not shown. It happens sometimes only. But other times we are able to fetch the policies correctly. couldn't able to find...
HI,when do we use the destination nat ,source nat and identity nat I mean what is the use cases for the above Thanks
We have an issue with an interface that is talking weirdly. We have changed ports to rule out hardware, and I can work ok with a laptop in the same switchport. The line comes from Verizon's media converter to a switch that is connected to the pair of HA firewalls and an HA pair of load balancers that use different addresses in the subnet. The ...
Anyone have a good document or link on the windows user-id agent for monitoring VM information sources? Looks easy enough to setup on the windows agent, but how does it monitor/parse logs and what exactly does it do when making the connection/permissions for the account?
Need to know this--- when we plug the Laptop on Management port and assign it ip 192.168.1.3 we can then access web gui 192.168.1.1 how?normally management port is up when you connect that it to switch that make sense to me.but here it is connected to PC with IP 192.168.1.3Here both ends of the cable are connected to PC and PA management port.Ho...
I'd like to create a script or some kind of quick method to disable a PBF rule. We have a dual-ISP setup, and sometimes one ISP will get extremely slow. But it doesn't actually go down, so it doesn't trigger the PBF rule, and we're left with nearly unusable internet.As the only "firewall guy", they basically have to wait on me to disable a PBF r...
Dear community We are dealing with a request for a firewall rule which is supposed to allow SMB traffic (TCP 445) to a wildcard destination like *.subdomain.example.com out on the internet. So this made me think about how we should implement such a rule and I am not even sure it can be done or at least I don't know how. If this would be HTTP/HT...
Hi All, Were running 7.1.14. Ive created a rule to allowed ms-rdp to the rule. Ive checked first if ms-rdp has any dependencies, there is none. It implicitly uses cotp and t.120. So from what i understand from the meaning of Implicitly uses, i only need to allow the main application which is ms-rdp and in turn it will allow implicitly cotp and t...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 5 | |
| 4 | |
| 3 | |
| 3 | |
| 2 |

