This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 266 Views
  • 0 replies
  • 1 Likes

Resolved! Ping outside interface from inside

Can somebody explain how I would be able to ping the IP address on an untrusted interface from inside (trusted). I setup a interface management profile on the interface and I can ping the outside interface IP address from the public internet, but not

...

bbilut by L3 Networker
  • 3296 Views
  • 1 replies
  • 0 Likes

Resolved! Handling Unknown TCP iSCSI traffic

I have  a Dell Equalogic SAN that is replication to an offsite location. The traffic is sent over via a VPN tunnel (Certificate based). This traffic is being reported as unknown tcp. I can verify that the traffic in question is in fact the SAN traffi

...

jharlow by L3 Networker
  • 3142 Views
  • 3 replies
  • 0 Likes

SSL Decryption

We do SSL Decryption on our PA.

 

Recently we have been seeing a lot of sites that do not decrypt

Chrome comes up with ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION

Firefox does not have any meaning full error message

 

A quick google shows that it is to d

...

RC-BHF by L2 Linker
  • 3438 Views
  • 5 replies
  • 1 Likes

Resolved! User-ID Agent questions?

Hello

 

I have few questions regarding user-ID agent that is installed on DC (domain controller)

 

1- When the user login to machine, agent on DC send the username/IP details to PAN immediately?

2-  Say after 10 minutes, user log off then agent on DC

...

Kashif by L2 Linker
  • 8481 Views
  • 8 replies
  • 0 Likes

Show Commands to Verify L3 Sub-interface Configuration

Hello Community,

 

I have configured L3 Sub-Interface on a Palo Alto firewall in a virtual environment. Can someone please let me know if there are any show commands to verify that the configuration is working successfully?

 

Thank you

 

Carlton 

Frequent re-keying of ipsec tunnels

When I look under Monitor -> Logs -> System, I see the following:

 

1. ipsec-key-delete: IPSec key deleted.  Deleted SA <SA info> SPI:<hex dump>

2. ike-nego-p2-succ: IKE phase-2 negotiation is succeeded as responder, quick mode.  Established SA <SA i

...

HA VSYS

Hi,

 

Have anyone tried to configure different HA setup for different VSYS? Let's say VSYS1 is active/active and VSYS2 is active/passive.

 

Thanks,

MBS

Resolved! VPN with built in VPN Client of OS X

Hi there,

 

for a special reason I need to setup a dedicated VPN Gateway for the built in iOS/OS X VPN client. Before I start to setup a Linux System for that I would like to find out if it's possible with PaloAlto or not. In the past there was a X-A

...

Panorama Error commit

Hi,

 

We have a cluster PA (Madrid) in version 5.0.14, and two PA in stand-alone (Singapur, Miami) in version 7.0.6.

We just commited the panorama config but we got a error in cluster PA Madrid.

Panorama in 7.0.6 can handle firewalls in version 5.0.1

...

Captura.JPG

dnsproxy failures

System log fills with messages like "Failed to resolve domain name:defrxpwgklm.capco.com after trying all attempts to name server(s): 8.8.4.4  194.25.0.68". DNS without dnsproxy is working. Can i restart the dnsproxy to fix this issue?

The messages ar

...

azwicker by L1 Bithead
  • 2979 Views
  • 3 replies
  • 0 Likes

Resolved! DMZ Web Server Access Setup PT2

Hello Community,

 

Can someone please let me know if Palo Alto have any documentation examples of setting up access to a webserver from the Internet that resides in a DMZ?

 

Thank you

 

Carlton 

User-ID Agent Upgrade

Hi,

 

We are planning to upgrade the User-ID Agent from version 6.0.6-4 to 7.0.3-13.

 

Three PAN-OS are running with version 7.1.1, 7.0.5-h2 and 7.0.2 use the same agent server.

 

Is version 7.0.3-13 will work with PAN-OS version above?

qafcopa by L1 Bithead
  • 3255 Views
  • 3 replies
  • 0 Likes
  • 23632 Posts
  • 107 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks