General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Whats wrong with my xpath??

Hi all, trying to delete a single object from a static address-group. Why does it keep deleting entire group?? My syntax below: https://x.x.x.x/api/?type=config&action=delete&key=LUFRPT1BeWFJamVEYmdUV0JXZTdjNlFzOUMzdmhOaXM9RkdEb0lMT1g1WVNhMk9mL3&xpath=/config/devices/entry/vsys/entry[@name='vsys2']/address-group/entry[@name='clyde']...

Using unlicensed VM100.

I have a VM-100 on VMWare ESXi running 7.0.4 . The demo license has expired for VM.Would I be able to us it for testing still ( not using any url,threat features). I am see speed issue from trust to untrustand traffic just trickles.

How can I get dual ISP with DUAL IPSEC Tunnel to work with static routes and no tunnel monitor?

HI, How can I get dual ISP with DUAL IPSEC Tunnel to work with static routes and no tunnel monitor? I want the IPSEC tunnel to only failover when the primary circuit goes down. Problem I am having is the static route metrics is not taking over when the primary ISP and primary IPSEC tunnel goes down. Metric is 10 for primary tunnel and 20 for bac...

junior_r by L3 Networker
  • 3912 Views
  • 3 replies
  • 0 Likes

FQDN jobs FAILED

Hi, We have added several FQDN objects and its not working. If we run update.symantec.com (Objectname update.symantec.com):Not resolvedus.archive.ubuntu.com (Objectname us.archive.ubuntu.com):Not usedxxxxxxx (Objectname HOST_xxxx13):Not resolved 2017/04/25 13:35:54 29960 FqdnRefresh FIN FAIL 13:36:042017/04/25 13:31:44 29959 FqdnRefresh FIN FAIL...

Resolved! High number of logins to AD

Good day, Is it normal for the account that the FW uses to get the user-id information from AD to have a high number of logins? Across our entire network, this account is over 90% of all of our successful logins. It just seems that this account is logging in way too much. Thanks

Resolved! LAN users cannot reach GP users

Hi All, I've one inquiry where the client used to have an issue where the GP users can reach the LAN users but not vice versa.Users in LAN and GP are on the same zone (Trust) but only GP can ping the LAN. The tunnel of the GP doesn't have an IP address by default, I've tried to add an IP address for the tunnel but its still not working. Nothing ...

How to disconnect remote users at a specific hour

Goodmorning,I need to disconnect one or more users from Global Protect VPN at a specific hour.I try to explain, I don't want that after 7pm the remote suppliers can work on my net. I can't use the scheduled policy rules becouse the sessions started before 7pm (for example Remote desktop or ultraVNC) will stay active.So I have thought to disconne...

FassaSRL by L1 Bithead
  • 8605 Views
  • 5 replies
  • 0 Likes

Resolved! URL Filtering Issue

Hi, Without URL Filtering in the Security Profile of the policy, we can access vimeo.com but with URL filtering profile, getting error message below in IE, Chrome and also on the phone. No proxy used, no SSL decryption. This is happening to the category 'continue' and https.Streaming-media is in Continue Categories. Below is a screenshot of the ...

Error.png
DetailedLogView.png
Farzana by L4 Transporter
  • 4584 Views
  • 4 replies
  • 1 Likes

Source zone - source address

If you enter a specific source zone but any for the source address what traffic is really allowed? Does is only allow addresses that are listed in the specified zone or is it truly any IP address?

jdprovine by L4 Transporter
  • 7993 Views
  • 11 replies
  • 0 Likes

Feature Request - Security Profile policy

Hi, One thing about configuring security profiles is that when I like to change a security profile, there are so many security rules to update with the correct profile. I know I can change the profile itself and all policies using that profile will be affected but that is not always what I want. In my view it would be much better to place securi...

mgusta by L2 Linker
  • 4388 Views
  • 3 replies
  • 0 Likes

Problem Global Protect Behind NAT

Hello I have the following scenario: -PA-3020 Edge Firewall who provide as internet access-PA-200 LAN Firewall behind PA-3020 We are triying to configure Global Protect access for GP-200. -I have a fqdn for the portal and gateway access which resolves a public IP for external access and resolves a privete IP for internal access-Public IP for fqd...

AitorGD by L1 Bithead
  • 4120 Views
  • 1 replies
  • 0 Likes

Resolved! VPN Timeout

Anyone know if there is a way to setup GP VPN to notify the end user before their VPN connection times out? Any feedback will be greatly appreciated. Thanks

tbpowers by L0 Member
  • 2599 Views
  • 1 replies
  • 0 Likes

Commit failed with error "Have to specify one of source or Source-v6 address for netflow"

Hi Team, I am trying to import a firewall for the first time to panorama. I have done many before this but the error this time is new. When I try to push config to firewall which I am trying to import, below message is showned for failure of commit. Details:Have to specify one of source or source-v6 address for netflow.Have to specify one of sou...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels