General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Elastic search suddenly down

Hi,

 

I am writing this to ask if anyone has experience with ES suddenly down? After restart only logs become normal. I need idea on what we can check to know the root cause of ES suddenly down.

VPN tunnel is getting dropped

we are seeing tunnel drop with below error message.

IKE phase-1 SA is deleted SA: 1.1.1.1[500]-2.2.2.2[500] cookie:191098e4ef6db35d:eba9ee89ff200b07

Resolved! NTP not working once authentication is enabled

Hi Guys,

NTP was working well. But when authentication was enabled below msg  is seen on the Firewall (NTP Stopped working)

NTP server is a local one using IP address (not FQDN)

PAN-OS Version 10.1.5-h1

All the other devices are syncing except for th

...

paragkarki143_1-1663308368803.png
Pras by L4 Transporter
  • 4956 Views
  • 9 replies
  • 0 Likes

How to remediate overly permissive any- any rule

  • We have an overly permissive rule with Source, destination and ports as Any. We are working to remove this rule but this  is widely used. Please suggest what's the best way to identify the traffic using this rule and to create rules with specific sou
...

FIDO2 support for GlobalProtect client

FIDO2 Security cards during Entra ID SAML authentication does not work. The option to select a hardware "security key" during the Entra ID login flow is not shown. Only the built-in/embeded GlobalProtect web browser exhibits this issue.

 

The feature

...

transition from trial to purchased license

Hi All,

 

We are in a scenario where we are running firewalls on trial licenses. 

 

We have purchased the licenses. Can you help me with following queries :
1. When firewall transition from trial -> purchased license, will firewall drop the network tr

...

BRI-IT by L0 Member
  • 131 Views
  • 1 replies
  • 0 Likes

Replace SFP Process

Hi we have a PA-850. Port 5 has a RJ45 SFP adapter, internet connection. We are upgrading our Internet connection (bandwidth increase only, no IP changes) and the new handoff from the ISP is single mode fiber, so I purchased a PAN-SFP-PLUS-LR to supp

...

Allow only global protect from trust to untrust.

Hi Everyone Greeting.

 

I need to allow only the GlobalProtect application from the trust to the untrust zone, by allowing:

  1.  First security policies : source trust -> destination untrust -> Application DNS -> Allow
  2. Second security policies : sourc
...

ariiero by L0 Member
  • 67 Views
  • 0 replies
  • 0 Likes

Resolved! 2 Tunnel With 2 IP Public. Secondary one is filtered ?

I have two IPSec tunnels with 2 ISPs:
ISP 1 is Primary
ISP 2 is Secondary
with a Failover scheme.

 

But when I set the metric for ISP 1 to 10 and ISP 2 to 200, it seems that the public IP of the second ISP cannot ping the second tunnel's peer gateway, w

...

ariiero by L0 Member
  • 238 Views
  • 2 replies
  • 0 Likes
  • 24181 Posts
  • 101 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels