About Rboehme

Dear Comm,   I was googleing alot about this topic and but only found this:   https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXlCAK   My specific question is, if a the User ID agent show the username "pre-logon" learned via "GP" - does this "user" counts to the "gruoup" of "known"-user which I can use in security policies?   Thanks for your support.   Kind regards,   Rene ... View more

Dear comm,   when I have several LDAP servers in a profile for user authentication. How is this list utilized? Is only the first entry used? Are authentication requests distributed over all configured servers? How does it work?   Kind regards,   Rene     ... View more

Dear all,   we found out that we are not able to restart VPN tunnels in PANOS 8.0.x  from GUI because its grayed out and it is an expected behavior as you can see the message "Restart disabled because OK".   The conclusion is that on version 8.0.x it's not possible anymore to restart the tunnel from GUI if the tunnel is up and running, but you can still restart the tunnel from CLI.   Unfortunately there is no official document discussing this subject yet.   Will Palo Alto support us with an official document in the near future? We dont wanted to open a TAC case for this question so we are directing this question to the community.   Thanks and kind regards,   Rene ... View more

Hi there,   if we are going to the tab "Policy" we will see 7 different sub tabs. The tabs are:   Security NAT QoS PBF App Override Captive Portal DoS Protection   So I know for example that Security rules are always checked before NAT rules but whats about the rest? I spent planty of time google for this information but without success. ... View more

Dear community,   I am struggling around with a though I cant find an answer for. I every documentation I found they state that additional LDAP server are for fault tollerance only. Imagine the follwing setup:   A customer is loadbalancing user authentication against more than one LDAP servers.   So actually that means the firewall will only monitor one of maximum 4 LDAP servers (per profile). Think about all of the servers are up and running but user logon is distributed across all four LDAP servers. How will I be able to discover complete user ID information?   Kind regards,   Rene ... View more

Hi all,   is anyone familiar with this issue? We are facing this currently but Google almost spits out nothing about this issue. I was going through the User-ID deployment and troubleshooting guide but nothing helpful there. Any ideas?       ... View more

Have export of traffic /threat/url etc set up on log export All setup to use SCP. Target linux server is setup correctly. Test SCP server connection works correctly (see attach word doc) Job fails with an error in system log : Failed exporting data log via ssh (last-calendar-day) to 192.168.252.61. Permission denied, please try again..' ) Also tested everything is OK by running export from command line , this works , see log below: ****@sd061(active)> scp export log traffic to data-paloalto-prd@192.168.252.61:/home/data-paloalto-prd/sd060logs/sd060-20150914x start-time equal 2015/09/11@00:00:00 end-time equal 2015/09/14@10:09:00 (container-tag: export container-tag: log container-tag: traffic leaf-tag: to value: data-paloalto-prd@192.168.252.61:/home/data-paloalto-prd/sd060logs/sd060-20150914x container-tag: start-time leaf-tag: equal value: 2015/09/11@00:00:00 pop-tag: container-tag: end-time leaf-tag: equal value: 2015/09/14@10:09:00 pop-tag: pop-tag: pop-tag: pop-tag:) ((eol-matched: . #t) (cli-handler: . scp-handler) (context-inserted-at-end-p: . #f)) /usr/local/bin/pan_logquery  -L 3600 -b -t traffic -t1 1441926000 -t2 1442221740 2> /dev/null | /usr/bin/ssh 'data-paloalto-prd@192.168.252.61' ' cat > /home/data-paloalto-prd/sd060logs/sd060-20150914x ' data-paloalto-prd@192.168.252.61's password: Marking log as exported successfully... /usr/local/bin/pan_slog -t 1 -s 1 -o 'Succeed to export traffic log (2015/09/11@00:00:00 - 2015/09/14@10:09:00)' /usr/local/bin/pan_logquery  -L 3600 -b -t traffic -t1 1441926000 -t2 1442221740 -m  1> /dev/null 'cfg.reportd.enable': NO_MATCHES 2015-09-14 10:41:26.518 +0100 Error:  pan_logdb_update_file_construct(pan_logdb.c:474): update file: /opt/panlogs/logdb/traffic/1/20150914/pan.0000000000.log.actionflags.updatefile exists but of wrong size: 800891 expected size: 809485 /usr/local/bin/pan_slog -t 1 -s 1 -o 'Succeed to mark traffic log as exported'   May you please help? ... View more

Dear all, i have searched for a while now and was reading through the documentation. Unfortunately I didn't find anything. I would like to now if it is possible to get a report created which fulfills the following criteria: - logs all VPN logins done by the users - is sent out automaticly on a given time Thanks and regards, Rene ... View more