Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About LCMember4164
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About LCMember4164
03-30-2022
8Posts
4Likes
0Solutions
Mar 30, 2022Last Visited
User
Activity
User
Profile
Latest posts by LCMember4164
| Subject | Views | Posted |
|---|---|---|
| 1896 | 12-10-2018 05:19 AM | |
| 1959 | 12-05-2018 03:27 PM | |
| 3957 | 12-31-2014 02:43 AM | |
| 8283 | 03-14-2013 01:06 AM | |
| 8652 | 03-13-2013 01:27 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 12-05-2018 03:27 PM | |
| 1 Like | 12-31-2014 02:43 AM | |
| 2 Likes | 03-13-2013 01:27 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
User Badges
Community Statistics
| Member Since | 02-20-2012 07:00 AM |
| Date Last Visited | 03-30-2022 03:50 AM |
| Posts | 8 |
| Total Likes Received | 4 |
12-10-2018
05:19 AM
Thank you, with the help of one of the docs you shared I was finally able to solve this. It was the domain-map not woriking well, this doc ( https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFnCAK ) is absolute GOLD! With some packet captures I was able to troubleshoot a problem related to the retrieval of the partitions from a Domain Controller. Changed the binding on LDAP of one of the root domain controllers and all started to work ! BTW I already had a group mapping configured on one of the root DCs but i was using the Global Catalog service istead of the normal LDAP. Thank's!
... View more
12-05-2018
03:27 PM
1 Kudo
Hi there, I have some problems with a user-id installation on PAN-OS 8.1.4, scenario: 1) Windows AD Domain Forest, with around 6/7 domains 2) I'm only interested in authenticating users from one of the domains in the forest 3) I've correctly connected the firewall to the local domain controllers and pulled out ip to user mapping 4) I've also correctly connected the firewall to the ldap servers for group mapping, groups are populated correctly The domain is in the form: my-local-domain.myforest.local Problem: Some users are detected as my-local-domain\username while some others are detected as my-local-domain.myforest.local\username and this gives me some problems because only users in the form my-local-domain\username are correctly mapped to groups. I've already checked all the new documentation on user-id in 8.1 but cannot make it work 😞 Looking at one of the users attributes: show user user-attributes user my-local-domain\SOMEUSER Primary: my-local-domain\SOMEUSER Email: SOMEUSER@mydomain.com Alt User Names: 1) SOMEUSER@mydomain.com 2) my-local-domain\SOMEUSER.USERNAME 3) my-local-domain\SOMEUSER 4) SOMEUSER@UPN Basically i would like to configure an Alternate username in the form: my-local-domain.myforest.local\SOMEUSER is it possible using the new "Alternate Username" feature ? if so... how ? thank you!
... View more
12-31-2014
02:43 AM
1 Kudo
Hi all, is it possible to enable / disable an existing security rule via XML API ? Looking at the documentation (both the XML config guide and the api on the firewall) I found no useful informations on this topic thank's !
... View more
03-13-2013
01:27 PM
2 Kudos
hi, is there a maximum number of bgp route entries supported for the 5000 series ? does it support a full ipv4 routing table ? i cannot find any docs or data sheets with this kind of limits detailed... thanks
... View more
Labels:
- Labels:
-
Networking
03-06-2012
07:02 AM
Problem solved. Just updated PAN-OS version from 4.1.1 to 4.1.3 and now it's working! btw didn't find anything in the release notes...
... View more
03-03-2012
02:58 AM
Yes you are right, attached you'll find my ha config! I'm not using preemption and link monitoring right now. The only thing i added just to be sure is a backup dataplane link. All the links are directly connected between the firewalls with cross cables. I also tried to change the Passive Link State to Auto, as suggested by the documentation, but the problems persist... thanks! marco
... View more
03-02-2012
08:10 AM
Hi all, i'm setting up two PA 5020 in Active/Passive HA and I'm having some problems with Aggregate interfaces. I'm using 4 ethernet interfaces per device: ae.1 - trust zone (two physical ethernet interfaces) ae.2 - untrust zone (two physical ethernet interfaces) The device is operating in L3 mode with static routes. If I use a single device, all works flawlessly. If i try to enable HA i start getting packet loss (>5-10% in a LAN environment). If i try to shutdown one of the ports for each port-channel, i'm still getting packet loss. I've also tried to reconfigure the HA pair without Aggregate interfaces and in this case all works perfectly. I really cannot undestand why i'm getting so much packet loss, it doesn't seem to be just an aggregate ethernet issue, because with a single device it works... it also doesn't seem to be only an ha issue, because in ha without aggregate ethernet interfaces it just works perfectly... but when i'm using both ae and ha it just blows up 😞 On the switch side, all seems ok, no errors, nothing strange. Here some configuration snippets, maybe it's just a stupid issue... i'm a newb with this gear 😉 The switch configuration ( cisco 3750 right now, also tried with a 6509 with the same results): interface Port-channel9 description * FW1 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate spanning-tree portfast trunk ! interface Port-channel10 description * FW1 - Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate spanning-tree portfast trunk ! interface Port-channel19 description * FW2 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate spanning-tree portfast trunk ! interface Port-channel20 description * FW2 - Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate spanning-tree portfast trunk ! interface FastEthernet1/0/1 description * PAN-FW1 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate channel-group 9 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/2 description * PAN-FW1 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate channel-group 9 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/3 description * PAN-FW1 - Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate channel-group 10 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/4 description * PAN-FW1 - Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate channel-group 10 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/13 description * PAN-FW2 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate channel-group 19 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/14 description * PAN-FW2 - Trust * switchport trunk encapsulation dot1q switchport trunk native vlan 900 switchport trunk allowed vlan 900 switchport mode trunk switchport nonegotiate channel-group 19 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/15 description * PAN-FW2 Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate channel-group 20 mode on spanning-tree portfast trunk ! interface FastEthernet1/0/16 description * PAN-FW2 Untrust * switchport trunk encapsulation dot1q switchport trunk native vlan 901 switchport trunk allowed vlan 901 switchport mode trunk switchport nonegotiate channel-group 20 mode on spanning-tree portfast trunk !
... View more
- Tags:
- ha
- portchannel
- setup
Labels:
- Labels:
-
Set Up
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks
