General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Deploying VM-Series in the datacenter

 

 

Hi all, 

 

I'm looking to deploy a vm-series firewall to monitor and take action on east-west traffic between the VMs that are deployed on my Hyper-v cluster and need additional info/best practices for a successful deployment. Has any one ever design

...

How to add/create local user password directly via CLI?

PA500, test unit running PANOS 3.1.4

When I enter a local user via the GUI, the corresponding XML in the configuration file is as follows:

<shared>

    <local-user-database>
      <user>
        <entry name="testuser">
          <phash>$hashvalue$</phash>
 

...

rahmant by Not applicable
  • 3977 Views
  • 5 replies
  • 0 Likes

Resolved! Command line "show session all" limited to 1024 entries

First some information on the use case:

  • 500 users
  • each user is generating approximately 10 simultaneous sessions => 5000 simultaneous sessions

I would like to get the amount of current sessions per user, from the command line.

 

I currently use the API to

...

Migrate PA-500 to PA-820

Hi,

 

I have a customer with a PA-500 cluster in version 6.0.3 out of support and has bought some new PA-820 that come with version 8.0.0.

 

As the PA-500 are not supported and I do not want to update them to version 8.0.0, is it possible to load the xml

...

How to recover Radius profile shared secret ?

Folks- Any idea how to recover shared secret of  Radius profile which is set  to verify and encrypt the connection between the firewall and the RADIUS server ? 

Is there a more system:runnig config CLI command  like Cisco in PAN firewalls which can he

...

image.png

Traffic log of non-authenticated captive portal sessions

I read this clear and useful article from @arsimon : Non-Authenticated Captive Portal Session Will Not be Logged by the Palo Alto Networks Device

 

 

These non-authenticated captive portal sessions can represent quite a lot of data. For example (after s

...

Emergency Palo Alto Networks Content Updated

 

Version 747

Notes:

This emergency content update provides coverage for recent generic exploit host page updates that have been seen in the wild. We recommend that you upgrade all devices to the latest Applications and Threats content version and revie

...

Resolved! Policy Commit Failed

Hi All,

 

recently I  have created an interface in Firewall which is managed by Panorama. Now after creating the interface, I am not able to push configuration on Firewall and getting below error. Can someone please help me?

 

Below is the error.

 

+++++++

...

Resolved! Looking to get started with SSL Decryption

I'm currently reading articles on this site on how to set this up. I was hoping someone could point me to a guide or tell me a very basic test set up for this feature on the P.A. Thanks in advanced.

User-id not working correctly

Hi All!

 

i have a issue with the user-id feature: some users are not recognized by the PA device: if i check the logs searching for the username i see the last access some days ago, but if i search for his ip he is doing traffic.

Even checking via CLI

...

DKanta by L3 Networker
  • 3185 Views
  • 6 replies
  • 0 Likes

Untrust to Untrust

Should the untrust to untrust be denied. As the defalt interzone traffic allows everything.

 

untrust to untrust rules for us are ether used for IPSEC or global protect. It seems to me blocking this traffic effects detecting SCANS.

raji_toor by L4 Transporter
  • 4636 Views
  • 2 replies
  • 1 Likes
  • 24289 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors
Labels