General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 597 Views
  • 0 replies
  • 0 Likes

Resolved! IPSEC Tunnel to ASA - PeerID issues

I am setting up an IPSec tunnel to an ASA. I am getting an error message about the PEERID type only allowing IP but received FQDN. Per the other KB article, I changed the PAN Exchange mode to Aggressive.

Now the PAN received a FQDN of the ASA side an

...

SDorsey by L4 Transporter
  • 6776 Views
  • 5 replies
  • 1 Likes

GlobalProtect client behind a proxy, configuration help

I am trying to establish an ssl vpn connection using the globalprotect client, but the client is behind a proxy using a configuration script.  I have tried calling paloalto support but they said their client is not proxy aware.  Does anyone know of s

...

bigtone by L1 Bithead
  • 19640 Views
  • 6 replies
  • 0 Likes

Palo Alto BGP: Conditional Advertising

Dear All,

Recently we have been migrating to a non-trivial BGP setup, and I have had to experiment with the conditional advertising BGP feature in Palo Alto. I was familiar with this concept from cisco, but alas I still found the documentation availab

...

Resolved! Aggregate Ethernet Interface with Subinterfaces

Hi there,

I'd like to set up a PA-5060 with an aggregate Layer 3 ethernet interface with no address:

Aggregate Interface

Name: ae1

Type: Layer 3

Address: (none)

Virtual Router: (none)

Tag: (none)

Security Zone: (none)

and then add subinterfaces to it, each of

...

Aggregation interface on virtual wire

Hello All,

Is there supported to create virtual wire aggregate group ae1 with 3 physical interfaces and another ae2 with another 3 physical interfaces, then form virtual wire with ae1 and ae2. Point of this setup is to put PA between two switches with

...

Tician by L3 Networker
  • 7529 Views
  • 6 replies
  • 0 Likes

Inbound traffic to DMZ issue

We have reports of certain users not being able to access our public website but majority of users are able to. The traffic log shows that the application is incomplete. Packet capture reveals the 3-way handshake does not complete and the session tim

...

x by L1 Bithead
  • 6967 Views
  • 5 replies
  • 0 Likes

Resolved! maximum number of bgp routes

hi,

is there a maximum number of bgp route entries supported for the 5000 series ? does it support a full ipv4 routing table ? i cannot find any docs or data sheets with this kind of limits detailed...

thanks

OSPF Adjacency Issues

We've got a Cisco 7301 routers that forms OSPF adjacencies with an HA pair of 5020 firewalls.  Recently I swapped this router out with a different router with the same IPs but different configs to test a new WAN connection.  OSPF forms up just fine w

...

aglej by Not applicable
  • 19123 Views
  • 14 replies
  • 0 Likes

Resolved! GlobalProtect BSOD Windows 8.1

Installed the latest round of Windows (and driver) updates.  1-3 seconds after GlobalProtect connects, I get a BSOD and reboot. I've read through various memory dumps and it's always one of two issues.

pangps.exe -

IRQL_NOT_LESS_OR_EQUAL (a)

An attemp

...

Resolved! Is it possible to write a rule matching any IP ending in .xx

Hi all,

I have a question, is it possible to write a rule that matches only a part of the IP address? For example match any IP ending in .51? Using wildcards this would be  *.*.*.51


Put another way, i would like to match all IP's that are x.x.x.51 wher

...

Saqib by Not applicable
  • 6688 Views
  • 8 replies
  • 0 Likes

Resolved! IPSec VPN restarts very often

Hallo,

I have defined a IPSec VPN connection with following params:

ike: 3des/sha1/dh5 Lifetime: 8 hours

ipsec: ESP/3des/sha1/dh5 Lifetime: 30 minutes (life size not set, shows 0MB)

ike gateway: main mode, DP enabled

The connection is established but in s

...

Resolved! Data center firewall design?

Hi All,

I have couple question in mind when I’m think about implementation PAN firewalls in Data center design. In reviewing design guide “Designing Networks with Palo Alto Networks Firewalls”, mostly where described perimeter firewall with upstream u

...

Tician by L3 Networker
  • 12407 Views
  • 11 replies
  • 0 Likes
Labels