General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

MineMeld docker based on centos / rhel?

Hello! I have been looking for a docker image that is based on Centos / Rhel and not Ubuntu, but I cannot find any. Is there any image beeing worked on? Also, the Docker image runs root inside, which I cannot seem to change as I get the following errors: runsv nginx: fatal: unable to open supervise/lock: file does not existrunsv minemeld: ...

Resolved! Do BGP and OSPF have to have same router-id on a virtual router ?

Hi, I'm running BGP and OSPF on same virtual router and whenever I commit a change, I get the following warning: In virtual-router VR_1, BGP router-id 1.1.1.1 is different from OSPF router-id 10.1.1.1.Since I'm getting warned about it, I'm thinking it probably is preferred for BGP and OSPF to have same router-id on a given virtual router. It's...

Resolved! User-ID Redistributed users not the log file

Hi Guys, For one our customer we have two virtual cluster - frontend and backend firewalls. On the frontend firewall we have Global Protect enabled, with LDAP and User-Group Mapping, assign different access for different user group. Connected users should be able to reach some internal resources behind the backend firewall as well.We have config...

Resolved! Any way to de-auth a user outside of SSH?

I know that we can force a logout for a user from the captive portal on the CLI as shown in the link below but is there a way to access this functionality through the web management portal? https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Force-Captive-Portal-Re-Authentication/ta-p/57746

Lcroce by L1 Bithead
  • 3943 Views
  • 5 replies
  • 0 Likes

Resolved! Panorama Certificate Profile Breaks Refresh

Hello Folks, I have a strange scenario and am most likely missing something. I created a CA cert from a new Panorama template. I installed into the MineMeld server and verified the cert is showing up via google chrome. I then created a certificate profile and tied the CA cert to the profile. I then created a new External Dynamic List with the...

Resolved! How to deactivate virtual PA firewall with API

Trying to deactivate a PA-VM firewall with the API. First I add the Licencing API key to the PA with the firewall API: In order to hide my real values, let's use: myfirewall.corp as my firewallcxvzvxvcxvczc as my firewall's API keydgshgdjsgdjsgj as my licensing portal API key. So for the deactivation process, I'm gonna add the licensing portal A...

Panorama/Palo Alto Design Query

Greetings Folks, I have a Design and deployment Question. Our company have 3 Data centers located at three different Geographical Locations. We have a project to deploy Palo Alto 5200 Series Appliance in the environment as IPS appliance, Now we Have the count of 8 appliance in the Environment, So if i am to use the pa...

Resolved! highlight unused rules highlights rules possibly used in the past

HelloI have a query where the highlight unused rules is showing rules as unused, which possibly were used in the past. The security policies were created based on traffic log reports and the same security policies are now showing as unused. I see that the feature says unused since the last reboot, however the device has not been rebooted since t...

List of application where PA skips credential detection

Hello. PA supposedly doesn't check credential submission on some apps. »The firewall automatically skips checking credential submissions for App-IDs associated with sites that have never been observed hosting malware or phishing content to ensure the best performance even if you enable checks in the corresponding category. The list of sites on w...

Native VPN client

The native client on my windows machine does not seem to be authenticating against my radius/otp/ldap server and my globalprotect client is getting through the portal but failing on the gateway. Any ideas why or how to track it down?

jdprovine by L4 Transporter
  • 9779 Views
  • 29 replies
  • 0 Likes

Resolved! SFTP sometimes just hitting SSH app and sometimes Enhanced File Transfer

I have an egress rule that permits port 22 which should include sftp. And for the most part it works. But I had a user go to a particular sftp site useing filezillaand the PAN 5060 identified the traffic as "Enhanced File Transfer" and the traffic didn't hit the egress rule and was blocked. Why would filezilla/winscpwork fine - seen as plain ssh...

heartbeat connection

What is the best way to set up a heartbeat connection between and active and passive pair of firewall. We currently have a PA 5050 pair, in different buidling quite a distance away from one another and the heartbeat connection is through the network via ethernet and a switch. We have had it go into a split brain situation when power is lost on o...

jdprovine by L4 Transporter
  • 6686 Views
  • 12 replies
  • 0 Likes

GlobalProtect for User-Id Without Auth?

Hi All! We're an all-Mac shop, but we use AD for authentication (for now). GlobalProtect "External" is working great for external access, with authentication to AD. Now we'd like to map IP to Users INSIDE our LAN. My primary goal is to link URL Filtering alerts and other threat analysis to a specific user.Perhaps a naive question - When talk...

  • 24397 Posts
  • 123 Subscriptions
Top Solution Authors
Labels