General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 74 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3324 Views
  • 2 replies
  • 14 Likes

Url category unknown for dropbox and msn

Hello

 

I'm using BrightCloud URL Filtering (at the moment I have 4792 version on my device). I'm started testing this functionality (security policy with url filtering in monitor mode).

In Monitor tab in URL filtering section I see:

How it's possib

...

2016-05-19_095625.jpg
_slv_ by L4 Transporter
  • 1532 Views
  • 2 replies
  • 0 Likes

Resolved! Question about HA 2 link

Hi Team, 

 

Good day!

My questions is in regards to the HA 2 link. It is a l2 link. However, we can have an IP address on it. 

However, lets say that we have no IP address on dedicated HA 2 link on both sides. 

 

Now, If I have a L2 switch in between How w

...

yadsingh by L2 Linker
  • 2178 Views
  • 1 replies
  • 0 Likes

Resolved! PPS Report

Has anyone built a custom report to get packets per second for a destination?

I see we can get total packets transmitted/received over a given period of time, but nothing for calculating pps right in the report.

 

Any suggestions?


Thanks!

AmyTyler by L2 Linker
  • 3030 Views
  • 4 replies
  • 0 Likes

Resolved! User-ID Agent error

 

Hi,

I am getting the below  error in domain controllers  

 

DCOM was unable to communicate with the computer 10.0.129.3 using any of the configured protocols; requested by PID      aec (C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\UaServ

...

sib2017 by L4 Transporter
  • 3946 Views
  • 1 replies
  • 0 Likes

Searching a Howto for two ISP Connection and two Lan

Hello,

 

i seach a HowTo for configuration two different ISP connections and two different LANs. Both should nothing to do with eatch other. They should be seperate. Is there any where a HowTo for this configuration? I only found twi isp connection for

...

Resolved! Pan agent

Hi,

I was using windows 2008 Domain controller and Palo alto ldap profile configured. ,Now changing to 2012
So which version of panagent need to be installed.
Where can i download the panagent ?
Is there something need to be done on paloalto side after

...

sib2017 by L4 Transporter
  • 2290 Views
  • 3 replies
  • 0 Likes

No traffic being logged at all

Hello, we've got a bunch of virtual palo alto firewalls running 7.0.1. One set are running fine, largely configured with no issues. The other set are in a different environment, all the infrastructure is the same (same type of hypervisor, same versio

...

PaulAlto by L0 Member
  • 2104 Views
  • 5 replies
  • 0 Likes

management down

 
Dear engineers.

Here again asking for help and advice.

Implement a PA500 in L3 mode, in which trust in part through mpls 192.168.1.10 and have to get to the adminstracion that has the IP 192.168.1.20, but from another network that is in the M
...

Edluna by L1 Bithead
  • 1344 Views
  • 1 replies
  • 0 Likes

Resolved! Ping outside interface from inside

Can somebody explain how I would be able to ping the IP address on an untrusted interface from inside (trusted). I setup a interface management profile on the interface and I can ping the outside interface IP address from the public internet, but not

...

bbilut by L3 Networker
  • 2701 Views
  • 1 replies
  • 0 Likes

Resolved! Handling Unknown TCP iSCSI traffic

I have  a Dell Equalogic SAN that is replication to an offsite location. The traffic is sent over via a VPN tunnel (Certificate based). This traffic is being reported as unknown tcp. I can verify that the traffic in question is in fact the SAN traffi

...

jharlow by L3 Networker
  • 2788 Views
  • 3 replies
  • 0 Likes

SSL Decryption

We do SSL Decryption on our PA.

 

Recently we have been seeing a lot of sites that do not decrypt

Chrome comes up with ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION

Firefox does not have any meaning full error message

 

A quick google shows that it is to d

...

RC-BHF by L2 Linker
  • 3066 Views
  • 5 replies
  • 1 Likes

Resolved! User-ID Agent questions?

Hello

 

I have few questions regarding user-ID agent that is installed on DC (domain controller)

 

1- When the user login to machine, agent on DC send the username/IP details to PAN immediately?

2-  Say after 10 minutes, user log off then agent on DC

...

Kashif by L2 Linker
  • 7732 Views
  • 8 replies
  • 0 Likes

Show Commands to Verify L3 Sub-interface Configuration

Hello Community,

 

I have configured L3 Sub-Interface on a Palo Alto firewall in a virtual environment. Can someone please let me know if there are any show commands to verify that the configuration is working successfully?

 

Thank you

 

Carlton 

Frequent re-keying of ipsec tunnels

When I look under Monitor -> Logs -> System, I see the following:

 

1. ipsec-key-delete: IPSec key deleted.  Deleted SA <SA info> SPI:<hex dump>

2. ike-nego-p2-succ: IKE phase-2 negotiation is succeeded as responder, quick mode.  Established SA <SA i

...

  • 24124 Posts
  • 100 Subscriptions
Top Solution Authors
Labels