General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

runas command and user-id monitoring

How are you guys managing the "runas" command alongside user-id.  In our test environment, I'm finding with the user-id windows agent, you get the last login event from the domain controller, with the new "runas" user.  Once that times out- no more i

...

Sec101 by L4 Transporter
  • 3695 Views
  • 4 replies
  • 0 Likes

Resolved! Configuring HA2 interface on a non-HSCI port?

With a pair of 5220s, how does one set up HA2 on a port that is not HSCI, for an Active-Passive HA environment? 

 

When I go to configure HA2, either with the GUI or CLI, the only interface I can choose is the HSCI port.  But I do not have the quad tra

...

Port Translation very slow

Hello,

 

We setup a inbound NAT to direct port 443 to a server on-site on 10.x.x.x and it all worked fine and fast - then it turned out we needed to adjust it to port 4443 as the customer was using port 443 for inbound client VPN connections of course.
...

Resolved! A few questions

Afternoon


Firstly I want to say I really like this product, it has endless possibilities in improving internal security in our environment.

 

I have a few questions I hope you can help me clarify so I understand how to use the product better.

 

I am

...

Resolved! Auto populate portal address global protect

We are looking at internal only with no tunnel for global protect for user-id.  Is there a way to autopopulate the portal address so a user would only have to enter credentials and not enter portal address manually?  Looking to push this out, and thi

...

Sec101 by L4 Transporter
  • 3749 Views
  • 1 replies
  • 0 Likes

Resolved! HA Link and Path Monitoring

We've configured HA Active\Passive on a pair of 5250's running PAN-OS 8.1.5 and it works a treat and pre-emption also works as expected.

 

I've configured Link monitoring so if we get an HA failure if the trusted links fail which works and it fails ove

...

JonHill by L1 Bithead
  • 7557 Views
  • 11 replies
  • 0 Likes

Use XML API users in policies

Hallo,

I successfully configured an WLAN-Accesspoint to send users via the xml api.
I can see the users in the log entries but I cannot select the users in particular policies. Looks like the users are not known to the firewall.

Do I need to create loca...

tsauter by L0 Member
  • 2182 Views
  • 3 replies
  • 0 Likes

Resolved! Dedicated Logging Export Interface on PA 5220?

By default, I know that you can send all of your logging messages out the onboard management interface, on a platform like the 5220.  However, I would like to avoid the extra noise on my management network, by configuring separate, dedicated interfac

...

Static Route monitoring and NAT

I'm having an issue with my NAT policy. 
I've configured a backup ISP connection with a static route and a higher metric. When the primary ISP connection fails the routing portion works correctly and I can see the primary default route get removed fro

...

Modo2016 by L1 Bithead
  • 2293 Views
  • 2 replies
  • 0 Likes

Change interface virtual router cause network down

My network has 2 outgoing data lines. Using one virtual router and set static default route for the 2 interfaces. The 1st interface has its Metric set to higher priority. As I want to divide the traffic. Some zones were force to use the 2nd interface

...

jeremylo by L3 Networker
  • 2778 Views
  • 3 replies
  • 0 Likes

Force to Use Certificate

Dear Friends !

as i study PAN 7.0 if there is no Certificate installed in Client PC, PAN can not read https secure sites

in this is if i block youtube or other social websites and client uninstall CA from its browser he/she will be able to open blocked

...

  • 23554 Posts
  • 106 Subscriptions
Labels