General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 409 Views
  • 0 replies
  • 2 Likes

Redistribute Route to GlobalProtect with BGP

Background:


We have a 172.20.0.0/16 internal network that is connected to our Amazon AWS VPC. A route is successfully advertized to our AWS peer using BGP and from the local network I can reach our server instances in the VPC. AWS resources are assign

...

Resolved! Block streaming media for sports only

Hello,

 

We have received a request to block streaming media only for the sports category.  Is that possible and how would we go about doing that?

 

We have a PA-3020 running software version 7.06

 

thank you

mike

JustMike by L1 Bithead
  • 4975 Views
  • 6 replies
  • 0 Likes

Can a IPSec tunnel entry be used by muliple connections

Hi, We have a number of (25+ ) remote 4G modems, that we wish to have VPN'd into our network. The modems can do L2TP/IPSec, IPSec, PPTP. Each modem has a WAN interface which is dynamic and a LAN interface with either one or two devices connected to i...

Resolved! Panorama or Firewall PAN-OS? What to upgrade first?

Hi Guys,

 

We currently have 12 Palo Alto firewall appliances and 1 Panorama management server. Panorama version is currently 5.1.9 and the firewalls are all on version 5.0.14.
We are looking at upgrading the entire estate to version 7.0.8  and it’s a m

...

Help with inter-subnet routing

Looking for input on a subnet routing, issue I am having. 

 

So I have let’s say for argument I have two zones, Trust and Untrust. 

 

Interfaces

Int 1/1 - Untrust Internet 192.168.0.1

Int 1/2 - Trust 10.8.1.20

Int 1/3 - Trust 10.26.96.1

 

I have a vi

...

ckluck by L0 Member
  • 3731 Views
  • 5 replies
  • 0 Likes

Help with network design

So my network consists of a PA200, a Juniper SRX, 2 servers, a VOIP phone, and a WAP. 

 

I recently configured the PA-200 with 3 subinterfaces for the 172.16.2.1/24, 172.16.3.1/24, and 172.16.4.1/24 networks. The Juniper port was configured with as a t

...

Zolson1 by L0 Member
  • 2141 Views
  • 2 replies
  • 0 Likes

PBFand Default route

In our orginazation, we have dual ISP and PAN firewalls. We have configured PBF with ISP 1 and default route for ISP 2

 

Both ISP interfaces on Pan firewall is same zone called untrust

 

example :  ethernet 1/11 

                     ethernet 1/11.200 ---

...

How PA can replace a Proxy

Hi,

 

i search a easy way to see who is surfing on witch web site. where is it and how can i automatically write it to our file server oder any where else to?

So my dream is to put our proxy out of order.

the PA is connected to LDAP i can see a user but

...

Resolved! How to bound an ACL to GP VPN client

Hello
i have a need to provide a contractor with VPN access to certain resource on internal network (let’s call them 10.20.1.0/24)

I have a working VPN GP/Portal and contractor can connect to VPN with no issue. But contractor is allowed to access all i

...

Routing via a new internet connection

We currently route all internet traffic out through an internet connection connected to Ethernet1/4 on out firewall. I have another Internet connection that I'm going to connect to Ethernet1/6, and I want fraffic from one of my VLANs on site to route

...

GC66 by L1 Bithead
  • 1945 Views
  • 1 replies
  • 0 Likes

Resolved! 7.01 and certs

I am looking for the article that says that you cannot upgrade directly to anything past 7.01 without breaking certs.

jdprovine by L4 Transporter
  • 1795 Views
  • 1 replies
  • 0 Likes

Resolved! Application: Incomplete

Hi,

 

Does anyone have a suggestion on how to create a rule to catch Application incomplete? Now that traffic hits the first policy that allows traffic on that service (port). And it clogs the logs when looking at that rule and what has passes through

...

mgusta by L2 Linker
  • 10176 Views
  • 7 replies
  • 0 Likes
  • 23695 Posts
  • 110 Subscriptions
Top Solution Authors
Labels