General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 504 Views
  • 0 replies
  • 0 Likes

Resolved! IPSec Transport Mode

I cannot find a way to configure the IPSec tunnel encapsulation to use Transport Mode versus Tunnel Mode in either the GUI or CLI ... anyone have insight into this?

aragone by Not applicable
  • 5549 Views
  • 4 replies
  • 0 Likes

LSVPN - Contingency

Hi guys,

    I have one snario that have some satellites connecting each with Global Protect Portal (Large Scale VPN) and I need implement contingency. I was trying to create other portal, other gateway , PBF in the satellites to control default route

...

Resolved! BGP "Router ID" and multiple peers

What exactly is the "Router ID" field used for in the BGP tab of Virtual Router configuration?

I ask because I'm planning on announcing a /24 to two different ISPs/peers, and each ISP has its own /30 for the transit segment.  So, if I make the router

...

bradenmcg by L3 Networker
  • 28423 Views
  • 14 replies
  • 0 Likes

Resolved! Two ISP connections - one primary / one guest network

Hello,

Today we have one interface designated as a WAN interface that manages our IPsec tunnels, GP Portal/Gateway, NAT for Websites, and business web browsing and needs.  We have a second internet connection that we use for a guest network that goes

...

cmateam by L3 Networker
  • 10250 Views
  • 8 replies
  • 0 Likes

Resolved! Transparent IP Mode Splice L3 Subnet possible?

I have a client that is currently using Sonicwall and wants to migrate to Palo Alto.  

Sonicwall supports Transparent IP Mode (Splice L3 Subnet) that basically can bridge the WAN subnet onto the DMZ interface.

Let say for example,

WAN Interface - 100.1

...

Resolved! cannot find matching phase-2 tunnel for received proxy ID

We have a site to site VPN setup that was allowing one IP. On the ipsec tunnel sec proxy-id allow local (10.1.2.1/32)  which was working just fine.

We had to recently allow two more IP's 10.1.2.20 and 10.1.2.75. I Changed the ipsec tunnel sec proxy-id

...

bino150 by Not applicable
  • 32725 Views
  • 7 replies
  • 1 Likes

ICMP Timestamps

Hi,

Can anyone please tell me if there is a way to stop my PA from responding to ICMP type 13 and 14 timestamp requests/replies?

Cheers

tezza by L2 Linker
  • 15099 Views
  • 8 replies
  • 0 Likes

Resolved! Aboute ACE exam and about the trainings!

Guys, I wanna to take an ACE exam and should to attand to the training courses. i've been told to attaend to the firewall configuration essentials Firewall Configuration Essentials 101 PAN-OS v.6.0 RevC training course, but i noticed also the follwoi

...

Why viruses/spywares passes PA device unblocked?

Hello

Until now I trusted that default configuration for most purposes is OK.

Today I discovered that few viruses passes in smtp traffic to my email server. I'm curious why?

when in web-broswing traffic the same type of aplication "virus" was denied.

My

...

_slv_ by L4 Transporter
  • 11822 Views
  • 12 replies
  • 0 Likes

IP Directed Broadcast

Hello,

We want to use wake on LAN in a vlan attached to a layer3 interface on the firewall. The magic packets are sent from a server outside the vlan to the broadcast address. I allowed WOL-packets in the firewall policies, and I see them in the logs,

...

New to Palo Alto from Juniper SSG

I was wondering if someone could enlighten me on how to replicate the Mapped IP functionality from Juniper SSG to Palo Alto.

We have a number of services on our current Juniper SSG.  The way we firewall these services is using MIP's on the Untrust Zon

...

Labels