General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 547 Views
  • 0 replies
  • 2 Likes

Palo Alto BGP: Conditional Advertising

Dear All,

Recently we have been migrating to a non-trivial BGP setup, and I have had to experiment with the conditional advertising BGP feature in Palo Alto. I was familiar with this concept from cisco, but alas I still found the documentation availab

...

Resolved! Aggregate Ethernet Interface with Subinterfaces

Hi there,

I'd like to set up a PA-5060 with an aggregate Layer 3 ethernet interface with no address:

Aggregate Interface

Name: ae1

Type: Layer 3

Address: (none)

Virtual Router: (none)

Tag: (none)

Security Zone: (none)

and then add subinterfaces to it, each of

...

Aggregation interface on virtual wire

Hello All,

Is there supported to create virtual wire aggregate group ae1 with 3 physical interfaces and another ae2 with another 3 physical interfaces, then form virtual wire with ae1 and ae2. Point of this setup is to put PA between two switches with

...

Tician by L3 Networker
  • 6688 Views
  • 6 replies
  • 0 Likes

Inbound traffic to DMZ issue

We have reports of certain users not being able to access our public website but majority of users are able to. The traffic log shows that the application is incomplete. Packet capture reveals the 3-way handshake does not complete and the session tim

...

x by L1 Bithead
  • 6287 Views
  • 5 replies
  • 0 Likes

Resolved! maximum number of bgp routes

hi,

is there a maximum number of bgp route entries supported for the 5000 series ? does it support a full ipv4 routing table ? i cannot find any docs or data sheets with this kind of limits detailed...

thanks

OSPF Adjacency Issues

We've got a Cisco 7301 routers that forms OSPF adjacencies with an HA pair of 5020 firewalls.  Recently I swapped this router out with a different router with the same IPs but different configs to test a new WAN connection.  OSPF forms up just fine w

...

aglej by Not applicable
  • 16414 Views
  • 14 replies
  • 0 Likes

Resolved! GlobalProtect BSOD Windows 8.1

Installed the latest round of Windows (and driver) updates.  1-3 seconds after GlobalProtect connects, I get a BSOD and reboot. I've read through various memory dumps and it's always one of two issues.

pangps.exe -

IRQL_NOT_LESS_OR_EQUAL (a)

An attemp

...

Resolved! Is it possible to write a rule matching any IP ending in .xx

Hi all,

I have a question, is it possible to write a rule that matches only a part of the IP address? For example match any IP ending in .51? Using wildcards this would be  *.*.*.51


Put another way, i would like to match all IP's that are x.x.x.51 wher

...

Saqib by Not applicable
  • 5824 Views
  • 8 replies
  • 0 Likes

Resolved! IPSec VPN restarts very often

Hallo,

I have defined a IPSec VPN connection with following params:

ike: 3des/sha1/dh5 Lifetime: 8 hours

ipsec: ESP/3des/sha1/dh5 Lifetime: 30 minutes (life size not set, shows 0MB)

ike gateway: main mode, DP enabled

The connection is established but in s

...

Resolved! Data center firewall design?

Hi All,

I have couple question in mind when I’m think about implementation PAN firewalls in Data center design. In reviewing design guide “Designing Networks with Palo Alto Networks Firewalls”, mostly where described perimeter firewall with upstream u

...

Tician by L3 Networker
  • 11245 Views
  • 11 replies
  • 0 Likes

Resolved! IPSec Transport Mode

I cannot find a way to configure the IPSec tunnel encapsulation to use Transport Mode versus Tunnel Mode in either the GUI or CLI ... anyone have insight into this?

aragone by Not applicable
  • 5184 Views
  • 4 replies
  • 0 Likes

LSVPN - Contingency

Hi guys,

    I have one snario that have some satellites connecting each with Global Protect Portal (Large Scale VPN) and I need implement contingency. I was trying to create other portal, other gateway , PBF in the satellites to control default route

...

Labels