About swhyte

You can clear the cache for this information with the following commands: > debug dataplane reset user-cache    > all   Reset all ip to user cache in data plane    > ip    Reset the specified ip to user cache in data plane thanks, Stephen ... View more

Hello, I believe this is a bug. Please call into support in order that it can be verified. thank you, Stephen ... View more

You can click on the loopback interface from the web ui. When it opens up simply check the check box to the left of the ip address. Then make sure and select delete before you click on "ok"....Then commit. Stephen ... View more

This can easily be done be doing one or both of the following: 1. create a policy that allows all applications and services specifically for those users (make sure and I identify either their names if you are using user identification or list their ips) ...you want to do this so that this allow all rule that you create does not apply to all of the other users.. On this allow all rule, make sure that you select log at session end or both log at session end and session start under the "options" section of the policy. 2. Create a url filtering profile (I suggest this because I assume you want to track/log the categorgization of the sites that they are browsing to). In that url filtering profile select ALL category actions as "alert". When you do this you are telling the paloalto device to log all of the user browsing and the site categorizations and allow them..........If you select "allow" you will only allow the sessions and not log them. thank you, Stephen ... View more

Do you have sessions where the destination address is with this subnet: 192.168.0.0/.22? If so are the sessions allowed? Is the device that you are trying to reach in 192.168.0.0/22 network able to ping the interface on the paloalto device? Can you call into support in order that we can take a look? ... View more

Are you sure that the traffic is being routed to the Paloalto device? Are there session in the Paloalto device when try to communicate to users in the 192.168.0.0/22 subnet? There are numerous issues that could  cause this, at this point it will probably be easier to call into support to aid you in troubleshooting this. thank you, Stephen ... View more

Hello, please put in an enhancement request to have the policies exported as pdf report. Thanks, Stephen ... View more

Hello, both interfaces ethernet 2 and ethernet 3 are in the same zone and we do allow intra zone traffic. So the traffic should be allowed UNLESS you have a deny all rule in your policies. If you have the deny all rule then that includes intra zone traffic. Try creating a Trust to Trust rule to allow the traffic and move it to the top of your rule set. If your traffic starts flowing then this was probably the issue. ... View more

Hello, great problem description. There is no issue with route based vpn. From your problem description this should work just fine UNLESS, there is a routing issue on the other side of the tunnel. Especially since you are getting incompletes, it sounds like traffic is going across the tunnel from the Paloalto side but nothing is returning. So since the remote end can see your traffic, make sure that that return traffic from the remote end is pointed to the device that is the other side of the tunnel. So in other words if your configuration is like this: client<----->Paloalto<----->tunnel<------>the device terminating the tunnel<----------->server on remote network make sure and pay attention to your NAT's and routes. The "server on remote network" traffic that is destined for the "client" should be routed back to "the device terminating the tunnel". thanks, Stephen ... View more

Hello Veera, all of what you have described are basic functions of the Paloalto device. So they should work just fine. As long as you have policies to allow traffic from the trust to dmz or dmz to trust and routing is correct, this should work. Also sharing should work fine especially if ftp and ping work. Perhaps you can create a policy for all traffic between the trust and dmz and the dmz and trust, allowing all applications and services. If committting this policy resolves your issues then you know that perhaps your were not allowing all the necessary applications and services. However if your problems still persist, you can call into support in order that we can take a closer look at your device configuration and network configuration. thanks, Stephen ... View more

hello Jaseng, Go to Network-->Interfaces Click on an interface. Select Aggregate ethernet under the "type" drop down You should then see the "Aggregate Group" drop down under the "Assign Interface to" field. thank you, Stephen ... View more

Hello Henrik, you are correct. Please feel free submit an enhancement request through your sales contact or support. thank you, Stephen  ... View more

Hello Henrik, please feel free to submit your enhancement request through your sales contact or support anyway. thank you, Stephen ... View more