General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2972 Views
  • 2 replies
  • 14 Likes

Multi-VR routes and security policies issues

I have an issue where we have mulit-VRs in place 1) default and 2nd) VR that is utilized for DMZ and untrust routes

 

Both VR's share a common zone name "public" for example. 

 

I have issues routing where for instance I have my internal network segm

...

CZaloba by L1 Bithead
  • 2206 Views
  • 2 replies
  • 0 Likes

Global Protect DNS Suffix Not Propogating to Client

Hi,

 

I have a strange issue where my Global Protect SSL Client connects to the firewall with no issues.  I get the IP, the routes and the DNS servers but I don't get anything listed in the DNS Suffix entry.  I have configured the DNS Suffix correctl

...

MHaran by L1 Bithead
  • 5887 Views
  • 5 replies
  • 0 Likes

syslog configuration

Hi,

I have attached  my syslog configuration . 

but in my syslog i missed most of the logs .

then assigned to the  policy  

 

To  forward all the logs  , attached configuration 

 

 

 

 

what if  i choose another facilty  ?

 

if i put one interface i

...

Palo alto syslog server.png
server pofile.png
sib2017 by L4 Transporter
  • 3174 Views
  • 4 replies
  • 0 Likes

Wildfire

So currently I am using wildfire but only choosing to forward the file. Is anyone using the block option? If so are what are the pros and cons?

jdprovine by L4 Transporter
  • 3057 Views
  • 7 replies
  • 0 Likes

Ignite

Hello

 

The yearly PA bash is held in US , this all good for our North American cousins

Is there an equivalent for Europe , not all our employers can spare the expense to send people all the way to the US !

 

 

RC-BHF by L2 Linker
  • 1450 Views
  • 0 replies
  • 1 Likes

vwire & VLAN tagging?

Hi all,

Is there any issue with configuring a vwire for both tagged and untagged traffic. For example use VLAN tag 0 AND whatever my real tags would be, like 1, 100, 200, etc. I'm assuming it will be fine since there is an option for 0-4094.

Any issues

...

BigIr0n by L0 Member
  • 7124 Views
  • 6 replies
  • 0 Likes

User-ID Group Mapping for Multi Domain Single forest

Hi everyone.

I'm trying to setup a User-ID installation for our multi-domain Active Directory environment.

 

Here is a rundown on what we have

DomainA = Workstations, groups, users, servers, etc. The main domain where everything is conducted

DomainB

...

Resolved! Manual failback for PBF

Is there a way to force PBF rules to have to be manually failved back? As it is now, if our primary ISP fails, we failover to a secondary ISP using PBF. However, once the primary is back up, things fail back to it immediately. We would like to preven

...

cburke by L1 Bithead
  • 4518 Views
  • 9 replies
  • 0 Likes

Losing group mappings suddenly

Hi, 

 

We have a PA3020 with PanOS 6.1.10. We are having problem with any groups, suddenly the Palo Alto loses group mappings in 2 groups and the rule stops matching, we dont know why PA stops identifying the groups.

 

I have checked the useridd.log

...

Aggregate Ethernet Considerations

Hello Everyone, 

 

I just want to double check my understanding of AE interfaces limitations indicated below. Appreciate your feedback.

 

1. I cannot mix 1G copper interfaces with 1G fiber interfaces in the same AE. Is this correct for all platforms

...

PCoIP traffic getting dropped because it's using SSL

I have VMWare View clients and I'm trying to set up the rule with the vmware-view App-ID, but the traffic gets dropped at PCoIP. The PA logs are showing tcp/4172 as SSL, even though PCoIP has port tcp/4172 defined.

 

 

Is this an issue with the App-I

...

Maxstr by L3 Networker
  • 6802 Views
  • 13 replies
  • 0 Likes

Globalprotect and simple SSL VPN?

It appears that, after a user has authenticated to a Globalprotect portal for the first time, they are prompted to download and install client software. Does Globalprotect (or Palo Alto in general) provide the option of simple client SSL VPN? ie; whe

...

Upgrade 6.1.x to 7.0.x

In the release notes of 7.0.5-h2 there is now this information:

 

Before you upgrade to PAN-OS 7.0.3 or a later PAN-OS 7.0 release, you should review the information about how to upgrade
a firewall to PAN-OS 7.0. Additionally, if virtual system (vsys)

...

Anon1 by L4 Transporter
  • 6780 Views
  • 10 replies
  • 0 Likes
  • 24037 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors