General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 547 Views
  • 0 replies
  • 2 Likes

Resolved! BGP "Router ID" and multiple peers

What exactly is the "Router ID" field used for in the BGP tab of Virtual Router configuration?

I ask because I'm planning on announcing a /24 to two different ISPs/peers, and each ISP has its own /30 for the transit segment.  So, if I make the router

...

bradenmcg by L3 Networker
  • 25638 Views
  • 14 replies
  • 0 Likes

Resolved! Two ISP connections - one primary / one guest network

Hello,

Today we have one interface designated as a WAN interface that manages our IPsec tunnels, GP Portal/Gateway, NAT for Websites, and business web browsing and needs.  We have a second internet connection that we use for a guest network that goes

...

cmateam by L3 Networker
  • 9474 Views
  • 8 replies
  • 0 Likes

Resolved! Transparent IP Mode Splice L3 Subnet possible?

I have a client that is currently using Sonicwall and wants to migrate to Palo Alto.  

Sonicwall supports Transparent IP Mode (Splice L3 Subnet) that basically can bridge the WAN subnet onto the DMZ interface.

Let say for example,

WAN Interface - 100.1

...

Resolved! cannot find matching phase-2 tunnel for received proxy ID

We have a site to site VPN setup that was allowing one IP. On the ipsec tunnel sec proxy-id allow local (10.1.2.1/32)  which was working just fine.

We had to recently allow two more IP's 10.1.2.20 and 10.1.2.75. I Changed the ipsec tunnel sec proxy-id

...

bino150 by Not applicable
  • 30592 Views
  • 7 replies
  • 1 Likes

ICMP Timestamps

Hi,

Can anyone please tell me if there is a way to stop my PA from responding to ICMP type 13 and 14 timestamp requests/replies?

Cheers

tezza by L2 Linker
  • 13359 Views
  • 8 replies
  • 0 Likes

Resolved! Aboute ACE exam and about the trainings!

Guys, I wanna to take an ACE exam and should to attand to the training courses. i've been told to attaend to the firewall configuration essentials Firewall Configuration Essentials 101 PAN-OS v.6.0 RevC training course, but i noticed also the follwoi

...

Why viruses/spywares passes PA device unblocked?

Hello

Until now I trusted that default configuration for most purposes is OK.

Today I discovered that few viruses passes in smtp traffic to my email server. I'm curious why?

when in web-broswing traffic the same type of aplication "virus" was denied.

My

...

_slv_ by L4 Transporter
  • 10871 Views
  • 12 replies
  • 0 Likes

IP Directed Broadcast

Hello,

We want to use wake on LAN in a vlan attached to a layer3 interface on the firewall. The magic packets are sent from a server outside the vlan to the broadcast address. I allowed WOL-packets in the firewall policies, and I see them in the logs,

...

New to Palo Alto from Juniper SSG

I was wondering if someone could enlighten me on how to replicate the Mapped IP functionality from Juniper SSG to Palo Alto.

We have a number of services on our current Juniper SSG.  The way we firewall these services is using MIP's on the Untrust Zon

...

url_filtering problem

HI all,

We have a cluster of 2xPA3050, for protection to untrusted zone. Last week we enabled the trial license for url_filtering. Since that moment we have met a special problem. We use a citrix application over ssl in the cloud. This citrix server i

...

Labels