General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Number of session

Hi,Palo alto suddenly stops client going internet .resolving dns stops ( dns forwarder just giving timeout instead of the dns query result ) .Does it mean maximum number of session has saturated? How can we know maximum number of session reached .Where do we begin to troubleshoot Thanks

sib2017 by L4 Transporter
  • 3357 Views
  • 5 replies
  • 0 Likes

Wildfire SMTP - Malicious objects not blocked

Hi, We recently had our FW setup by an external security company. Yesterday we had a malicious email attack which got past our email scanning service. Although Wildfire identified the attachments as malicious, they were sent on to the recipients (around 500). Luckily our AV's heuristics blocked the execution of the powershell script on most clie...

Capture3.PNG
Kuiper by L1 Bithead
  • 4800 Views
  • 5 replies
  • 0 Likes

Resolved! Nest a External Dynamic List (type=URL) in a Custom URL Category

Is it possible to nest a External Dynamic List (type=URL) in a Custom URL Category or to nest Custom Categories?Example:Custom URL Category = "Allow List"External Dynamic List (type=URL) = "Immediate Allow List" on external server (http://10.11.30.4/url/immediate.txt)Example Result:Allow List (Custom URL Category)anydomain.com*.anydomain.comNext...

Resolved! Security Policy for IPSec traffic

Hello, We are setting up Site-to-Site IPSec VPN between PA and Cisco router. The examples provided on PA websites do not suggest any security policy for this. When we use a security policy for 'Outside-Untrust' to 'Outside-Untrust' to allow traffic between IPsec tunnel end points, we can see traffic matching this policy. Do we need an intrazone ...

Farzana by L4 Transporter
  • 2932 Views
  • 1 replies
  • 0 Likes

scan-host sweep

Hi,Under threat detection, scan host sweep droped some traffic. And under the rules it did not show anything .What does it meanThanks

sib2017 by L4 Transporter
  • 10596 Views
  • 7 replies
  • 0 Likes

Telegram website is not accessible

Hi, I've one client that cannot access https://telegram.org but he can access all other https website. We tried to use a security rule with one source address and any any allow but still the same. In the traffic monitor we can observe the session end reason is aged-out. We are not using any ssl decryption rule. Regards,Sharief

PA telegramTraffic log.png
PA telegramTraffic log2.png

Resolved! How Many public IP be required to setup full HA Active-Active Mode With two Palo Alto NGFW 3020?

Hello Geeks, I would like to ask for your kind support on my issues of 'How Many WAN IP will be required to setup full HA Active-Active failover mode with two Palo Alto NGFW 3020?' First of all, I would like to appologize you all if my question may make your mind complex. We already bought NGFW 3020 firewalls (Two) to upgrade our organization ne...

Wayne88 by L1 Bithead
  • 4268 Views
  • 1 replies
  • 0 Likes

Resolved! spoof

Hi,How palo alto blocks if ip address is spoofed .Why does it not work in vwire modeThanks

sib2017 by L4 Transporter
  • 4044 Views
  • 1 replies
  • 0 Likes

Link Aggregation Query

We have PA 500 which links to 100 Mbps throughput as mentioned by datasheet.If we do link aggregation would it be possible for us to increase that ? Thanks in advance.

Resolved! Site to Site VPN with error Failed SA

Hi, We have configured a site to site vpn between palo alto and cisco ASA. However, both sites are static and PA is the intiator, ACL is configured properly on Cisco side but I got the error: "IKE Phase-2 negotiation is failed as initiator, quick mode, Failed SA: 213.42.x.x [4500] - 185.141.x.x [4500] message id:xxxxx. Due to negotiation timeout...

"Client cert is invalid to the gateway" error

Hi, I am trying to setup machine cert authentication, but it appears I am missing something. Local user auth works fine without certificates. Gateway and Portal are on a single 3020 with 7.1. I created a local-CA and generated a cert for all windows 7 machines.I imported this cert into the Local Computer personal stores on the windows 7 compute...

BBartik by L2 Linker
  • 4340 Views
  • 2 replies
  • 0 Likes

Changing Global Protect Portal Using plist without Restarting Mac

Here are the steps I've tried in chaning the portal Global Protect.app without restarting the Mac: Packaged up /Library/Preferences/com. paloaltonetworks.GlobalProtect.settings.plist and ~/Library/Preferences/com. paloaltonetworks.GlobalProtect.settings.plist with the new <portal>Deployed package to both paths listed above (Mac does not ta...

ShawnP by L1 Bithead
  • 5751 Views
  • 4 replies
  • 0 Likes

NAT Between VR's

Hello.Despite my best efforts I am unable to get this concept working. We have 1 x Palo Alto 3020.It has 2 Virtual routers configured. Both use 192.168.*.* networks. I'd like to access a machine in the neighbour VR, from the opposite VR. As the networks overlap, I presumed this would be a case of using NAT. I can't get the configuration to w...

PCortes by L0 Member
  • 2831 Views
  • 1 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels