General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! application 'ms-ds-smb' is not a valid reference

Hello,

 

We are seeing the following error occurring when trying to commit changes. 

Validation Error: 
rulebase -> application-override -> rules -> SMB -> application 'ms-ds-smb' is not a valid reference 
rulebase -> application-override -> rules -> SMB

...

Farzana by L4 Transporter
  • 3358 Views
  • 1 replies
  • 0 Likes

Resolved! Confused About User-ID and User Mapping

Regarding the User-ID Agent (Active Directory) feature of the firewall, I’m confused as to the difference and need for either the User Mapping and/or User-ID Agent. Is the User Mapping feature replacing the User-ID agent?

The units we have were setup

...

User Activity Report Changed

Good Afternoon...

 

Today, I had my management request a User Activity Report, and it was pointed out that the report no longer contains "Detailed Web Browsing Activity" within the PDF.

 

This is the section that used to show the Application, Category, A

...

birkhojk by L2 Linker
  • 1530 Views
  • 0 replies
  • 0 Likes

Time for my annual 'GlobalProtect UI is not good enough' post

I've been complaining about GlobalProtect's lackluster UI for years now. 

 

Here's my post from 2016 complaining about the issue:

 

https://live.paloaltonetworks.com/t5/General-Topics/New-Global-Protect-3-0-is-not-good-enough/td-p/75922

 

Here's my post fr

...

pmc by L2 Linker
  • 4021 Views
  • 3 replies
  • 4 Likes

GlobalProtect Panel suppression

We have Global Protect set up to use user-logon and use user certificastes issued by our PKI to authenticate users.  When a user logs in while connected to an external network, it connects just fine.  But when a user logs into windows while connected

...

ACC Dashboard

So I know that within in ACC dashboard there is a Risk  Score Displayed. There is also  Rule list that  that shows  risky app assosciated  rule name . My question  is  does Panorama give you overall risk score  for the rule itself? For example what i

...

PA-5220 AUX ports SFP+ module attributes

Hi

 

I found this

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-check-the-media-type-on-the-interface-of-a-Palo-Alto/ta-p/71362

 

which gave me this

show system state filter sys.s1.p*.phy

 

But this I don't think shows me aux1 or aux2.

 

Any

...

Aged-out issue

Hi,

 

I have configured PA on Azure but it is unable to ping to PA.

It always shows that "aged-out" as error message.

Once I ping to proxy-server on Azure, the log is shown on PA but it is aged out and could not get the response.

I did set up Static route

...

Resolved! IKEv2 Site to Site VPN to Cisco ASA5540

Hi folks,

 

Are there any Cisco ASA specialists out there?

We have a problem with a site to site vpn connection between paloalto and an ASA 5540. Actually the problem seems to be on the ASA side.

 

The proxy id's on the PA are configured like this:

Remote

...

Remo by L7 Applicator
  • 5348 Views
  • 6 replies
  • 1 Likes

Resolved! Two Site to Site VPNs with the same external subnet.

I have a Site to Site VPN to a customer and they are using 192.168.5.0/24.  I have a new customer using the same subnet.  I have configured this on a Cisco ASA using PAT.  I am fairly new to Palo Alto firewalls and do not know how to configure this.

...

Resolved! session per second

hello everyone , is anyone knows that how to view the number of new sessions per second on paloalto ? my pan-os version is 7.1.8 .

Kumasan by L1 Bithead
  • 8254 Views
  • 2 replies
  • 0 Likes

How to connect to vpn from commandline on MACOS Sierra

I work at a company where we use various version of MAS OS X and connect to client VPNs that use various verison of Global Protect. The problem is that we find many conflicts between versions of GP and the host OS and there cannot be two version of G

...

moe.py by L0 Member
  • 6268 Views
  • 1 replies
  • 0 Likes

Resolved! Getting to internal servers

Hello all, 

 

I have a Guest/BYOD Wireless Zone that can get out to the internet just fine. The internet & internal network can get to my webservers just fine. The problem im having is that my Wireless zone can not get an internallyu hosted website fro

...

Panorama Logs Delay ~1 hour

Our Panorama is showing logs  (threat,url, etc...) about an hour after they occur on the firewalls.  

Is this normal behavior?  I'd like to be able to see the logs in near real time as they occur, otherwise the Panorama logs don't have much use if we

...

ECPP by L0 Member
  • 4420 Views
  • 2 replies
  • 0 Likes

PA-3060 Dataplane

Hi Fellow Palo-Alto-ers,

 

Hoping this amazing community can help me shed some light on something!

 

I have a PA-3060 running PAN-OS 8.0.2. I am wondering what would be considered high dataplane CPU utilisation for this particular platform i.e. at what p

...

  • 24290 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors
Labels