This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Can't seem to connect to Cisco ASA

Using the following Phase 1 settings: I keep getting this error:Received unencrypted notify payload (no proposal chosen) from IP x.x.x.x[500] to y.y.y.y[500], ignored...orIKE phase-1 negotiation is failed. Unable to process peer’s SA payload.Check the IKE Crypto profile configuration to verify that the proposals on both sides have a common encry...

Capture.PNG
dclaro by L0 Member
  • 4494 Views
  • 3 replies
  • 0 Likes

Surveillance system

Has anyone here used a surveillance system?? I'm in need of a security system, but I don't have any idea on how to select the best one. I recently happened to read an article http://www.fire-monitoring.com/ip-cctv-moving-future/ and thought it will be perfect? Has anyone here used it before?? Any first hand experiences with them??

ConMac by L0 Member
  • 2457 Views
  • 2 replies
  • 0 Likes

Skype for Business using App-ID?

Does anyone have a definitive list of which applications are required for 365 hosted Skype for Business to work please? I'm using MineMeld to product a dynamic block list of the 365 Skype for Business IP ranges published by Microsoft and I've settled on simply allowing any application to that IP range (which to be fair isn't a huge concern to me...

Multiple WAN Interface Setup, different zones

Hi all I'm struggling to configure a VM-200 with multiple WAN interfaces. I've read a few forum posts on the subject and I understand the suggestions (PBF, 1:1 vs 1:Many NAT, etc) but the situation I'm in is a little different. We are running the VM-200 on a cloud platform, which has provided us two WAN IP addresses. These addresses are contiguo...

Send OSPF default route with PBR

I have a network were what I would like to have happen is that the PAN device tracks its connection to the internet and as long as that is alive send a default route to its neighbor. If that fails i would like it to stop sending that default route since the neighbor also has a default route that goes out an mpls link

Redundant IPSEC VPN with cisco and VPN monitor

Hello Experts I have PA on hub site and Cisco ASA at spoke site. At hub site, I have two ISP links, and ASA establish two IPSEC VPN with hub PA through both ISP, one IPSEC is primary and other is backup Now to failover, I am thinking to use VPN monitor on PA but what about I will do on Cisco ASA?

Resolved! IPSEC VPN negotiation without traffic

Hello Experts Is there any option to initiate a IPSEC VPN without passing actual traffic. Like in Juniper SRX, there is option "establish-immediately" or in Juniper Netscreen "rekey" option Regards, GR

Rule too allow access to group of URLs?

PANOS 7.0.4 and I'm struggling to do something that feels basic 🙂 I need to allow anything on the LAN access to *.sophos.com *.sophosupd.com*.sophosupd.net*.sophosxl.netocsp2.globalsign.comcrl.globalsign.comas per https://community.sophos.com/kb/en-us/121936 Right now we use captive portal but of course machines might try to update when nobody ...

Regex

Is there any specific regex pattern for Palo Alto ?i am trying to create a Regex that matches SSN but it doesnt seem to like it.It either errors out as it should be 7 bytes long or it is invalid.

Resolved! Order of different NAT

Hello Experts I am just wondering, what is the order of different NAT on same packet. Lets say I want to do destination NAT and source NAT for the same packet. What NAT will happen first destination NAT or source NAT?

Resolved! Destination NAT or Static NAT

Hello If I configured static NAT and destination NAT for one public service to be accessible from Internet. What type of NAT rule will be utilized by PA, I mean static NAT or destination NAT or it soley depends upon the order of rules?

Resolved! Proxy ID in SA?

Hello Experts I have site to site VPN between HQ PA and branch PA. I used the proxy id on HQ as Local: 172.16.110.0/24 remote: 10.10.10.0/24 and everything is working. Now brach office need to access another subnet in HQ that is 172.16.111.0/24. In this case I have to create one more proxy id on both side or just allowing this new subnet in appr...

Resolved! Can't do a commit ! Auto-commit failing

HiHave got a Pa-3020 Demo box to use for a POC, but I cant commit anything as "commit operation aborted as auto-commit not done yet"In the Task view several auto-commit antries are failed.Any one has any suggestions ?? Best Regards Jens W

TestASite issues - not a valid URL

I have been having issues lately with many URLs I manually submit to the test a site page. I am receiving a message that the URL is not valid when it is 100% valid. Anyone else having this issue?

  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks