General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 431 Views
  • 0 replies
  • 2 Likes

Resolved! SSL Decryption

Hello

 

We have recentley tuned on SSL Decryption for some users.

Since then we are getting some SSL sites that cannot be accessed due to cypher mismatch. It is something we were exepcting, but not the amount of URL this is happneing for.

 

My questi

...

RC-BHF by L2 Linker
  • 2146 Views
  • 2 replies
  • 0 Likes

Multi-VR routes and security policies issues

I have an issue where we have mulit-VRs in place 1) default and 2nd) VR that is utilized for DMZ and untrust routes

 

Both VR's share a common zone name "public" for example. 

 

I have issues routing where for instance I have my internal network segm

...

CZaloba by L0 Member
  • 2790 Views
  • 2 replies
  • 0 Likes

Global Protect DNS Suffix Not Propogating to Client

Hi,

 

I have a strange issue where my Global Protect SSL Client connects to the firewall with no issues.  I get the IP, the routes and the DNS servers but I don't get anything listed in the DNS Suffix entry.  I have configured the DNS Suffix correctl

...

MHaran by L1 Bithead
  • 6640 Views
  • 5 replies
  • 0 Likes

syslog configuration

Hi,

I have attached  my syslog configuration . 

but in my syslog i missed most of the logs .

then assigned to the  policy  

 

To  forward all the logs  , attached configuration 

 

 

 

 

what if  i choose another facilty  ?

 

if i put one interface i

...

Palo alto syslog server.png
server pofile.png
sib2017 by L4 Transporter
  • 3887 Views
  • 4 replies
  • 0 Likes

Wildfire

So currently I am using wildfire but only choosing to forward the file. Is anyone using the block option? If so are what are the pros and cons?

jdprovine by L4 Transporter
  • 3500 Views
  • 7 replies
  • 0 Likes

vwire & VLAN tagging?

Hi all,

Is there any issue with configuring a vwire for both tagged and untagged traffic. For example use VLAN tag 0 AND whatever my real tags would be, like 1, 100, 200, etc. I'm assuming it will be fine since there is an option for 0-4094.

Any issues

...

BigIr0n by L0 Member
  • 8479 Views
  • 6 replies
  • 0 Likes

User-ID Group Mapping for Multi Domain Single forest

Hi everyone.

I'm trying to setup a User-ID installation for our multi-domain Active Directory environment.

 

Here is a rundown on what we have

DomainA = Workstations, groups, users, servers, etc. The main domain where everything is conducted

DomainB

...

Resolved! Manual failback for PBF

Is there a way to force PBF rules to have to be manually failved back? As it is now, if our primary ISP fails, we failover to a secondary ISP using PBF. However, once the primary is back up, things fail back to it immediately. We would like to preven

...

cburke by L1 Bithead
  • 5443 Views
  • 9 replies
  • 0 Likes

Losing group mappings suddenly

Hi, 

 

We have a PA3020 with PanOS 6.1.10. We are having problem with any groups, suddenly the Palo Alto loses group mappings in 2 groups and the rule stops matching, we dont know why PA stops identifying the groups.

 

I have checked the useridd.log

...

Aggregate Ethernet Considerations

Hello Everyone, 

 

I just want to double check my understanding of AE interfaces limitations indicated below. Appreciate your feedback.

 

1. I cannot mix 1G copper interfaces with 1G fiber interfaces in the same AE. Is this correct for all platforms

...

PCoIP traffic getting dropped because it's using SSL

I have VMWare View clients and I'm trying to set up the rule with the vmware-view App-ID, but the traffic gets dropped at PCoIP. The PA logs are showing tcp/4172 as SSL, even though PCoIP has port tcp/4172 defined.

 

 

Is this an issue with the App-I

...

Maxstr by L3 Networker
  • 8082 Views
  • 13 replies
  • 0 Likes

Globalprotect and simple SSL VPN?

It appears that, after a user has authenticated to a Globalprotect portal for the first time, they are prompted to download and install client software. Does Globalprotect (or Palo Alto in general) provide the option of simple client SSL VPN? ie; whe

...

Upgrade 6.1.x to 7.0.x

In the release notes of 7.0.5-h2 there is now this information:

 

Before you upgrade to PAN-OS 7.0.3 or a later PAN-OS 7.0 release, you should review the information about how to upgrade
a firewall to PAN-OS 7.0. Additionally, if virtual system (vsys)

...

Anon1 by L4 Transporter
  • 7445 Views
  • 10 replies
  • 0 Likes
  • 23698 Posts
  • 110 Subscriptions
Top Solution Authors
Labels