General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

TRAPS Logs 4.1.2 to panorama 8.0

Hello, I have tried push logs to panorama by KB link but I have still same error message "Connection to pan.xxx.xx:23001 failed.I am using TCP 23001 without SSLDo someone have same problem? https://www.paloaltonetworks.com/documentation/41/endpoint/endpoint-admin-guide/reports-and-logging/forward-logs-to-panorama/enable-log-forwarding-to-panoram...

How to limit global protect for specific android/ios users?

I have an interesting scenario. We have windows users accessing global protect. I am looking to buy gateway license to enable a set of users(10) out of 400 users to use android/iphone to connect to vpn. We have IBM MaaS360 MDM installed on phone to collect mobile attributes. Is there a way I can enforce a policy to limit specific users to use m...

Tunnel Monitor

Hi Members While setting up the Tunnel monitor, what would the destination IP on the ipsec tunnel. Is it the IP of the peer? and where does the alert gets generated, within the PA system logs? Regards,

R_Sharma by L2 Linker
  • 2992 Views
  • 1 replies
  • 0 Likes

Resolved! Logging Searches

Is there a way to log or record user searches on the firewall or panorama for auditing purposes? There are a lot of information in the Monitor tab that can be potentially misused, so we'd like to record the searches in that tab. Thank you.

Resolved! packet drops on traffic going through IPsec tunnel.

Hi,We are getting packet drops on traffic going through IPsec tunnel.We have checked ISP link but there is no drops on ISP link even no load on it. Tunnel is aslo up but getting intermittent drops on traffic goint on IPsec tunnel.We have checked both end firewall but no sucesses.Kindly help.uleThnaks & RegardPradeep Chaugule

Resolved! Custom Reports takes ages

Greetings All,I am presently running PanOS 5.0.4 on a PA-500 HA. When I try generating a custom report for "URL Log" for a period of 7 days for Top 50 grouped by Top 50 groups with the URL consisting of porn and category not equal to web-advertisements, it takes ages to generate the report i.e. approx. an hour and then when I try to export in e...

After upgrading to 8.1.1 VPN always on pre-logon->user-logon failings

Wondering if anyone else has seen this? We upgraded to 8.1.1 from 8.0.8 this morning and immediately had users reporting their VPN client prompting for credientials over and over again forever. The firewall says invalid username/password hwoever we can cerifiy this is not the case using the CLI test commands... Rolling back to 8.0.8 resolves the...

commit_warnings_on_8.1.1.png
hshawn by L4 Transporter
  • 3684 Views
  • 5 replies
  • 0 Likes

Anyone use "Expired Active Directory Password Change for Remote Users" in PAN version 8.1 and GP Ver

Hi,Anyone use "Expired Active Directory Password Change for Remote Users" in PAN version 8.1 and GP Version 4.1?https://www.paloaltonetworks.com/documentation/41/globalprotect/globalprotect-app-new-features/new-features-released-in-gp-agent-4_1/expired-active-directory-password-change-for-remote-usersDoes it work? Can you do it with LDAP or do y...

junior_r by L3 Networker
  • 3968 Views
  • 3 replies
  • 0 Likes

UDP log that hit any deny rule and show allow

Hello, i have a question about UDP session rule 34untrust anytrust anyapp icmp, traceroute, pingservice anyaction allow rule 214any any deny you can see allow log hit rule 214i found similar case about tcp.https://live.paloaltonetworks.com/t5/Management-Articles/Action-Configured-in-Security-Rules-and-Seen-in-Traffic-Log-is/ta-p/62785 i think ...

20180616_111325.png
hbshin by L2 Linker
  • 2765 Views
  • 3 replies
  • 0 Likes

Moving a Layer Two Switch between FW pair and Edge Router from ISP Issue

We are attempting to move a pair of VCP'd layer 2 switches between our ISP's CIENA and our PA 5220 pair. Our ISP is only giving us a single handoff so we were attempting to plug the handoff into the layer 2 switches (nexus 9ks with VCP) on a access port with vlan 602. The switches also have trunk ports connecting to the Palo Alto's with LACP.W...

davic09 by L0 Member
  • 2491 Views
  • 1 replies
  • 0 Likes

World Cup 2018

Anyone have a custom APP-ID to block world cup 2018? or is palo going to release one?

Ntripp by L1 Bithead
  • 5533 Views
  • 5 replies
  • 0 Likes

Resolved! Taxii Feed Error

Dear all, today my Taxii Output stopping working, in minemeld-engine.log i see these errors: 2018-06-15T13:23:33 (24179)actorbase._actor_loop ERROR: CyberSOC-taxiiDataFeed-Test - error executing ActorCommand(command='update', kwargs_={u'source': u'MISP_CyberSOC_anyEvents', u'indicator': u'https://pastebin.com/v10rKA6d', u'value': {u'confidence':...

rafy92 by L1 Bithead
  • 6853 Views
  • 5 replies
  • 0 Likes

Failed to resolve domain name

Hi,i get in the system monitor a message Type dnsproxy and event resole-fail mgmt-obj 'Failed to resolve domain name:server.domain.com after trying all attempts to name server(s): IP_from_internal_DNS 8.8.4.4 'and i dont know why.I have set and Object for the server.domain.com DNS Name to the IP but error comes again.In Device -> Setup ->...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels