General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

IPSEC interoperability - PAN-VM-200 to CISCO ASA 5505

Good Day First - Do you need a IPSEC license for a PAN-VM? Second - Can I follow the PAN guide for - "IPSEC interoperaability between Palo Alto Firewalls and CISCO ASA"? The reason I ask is the guide show conifguration between a PAN-5060 and a ASA 5505. Third - Has anyone done this configuration? and are there things to watch for? Thanks...

burtond by L2 Linker
  • 8168 Views
  • 11 replies
  • 0 Likes

Software versions

Why are for example the software version 7.1.3 (29.6.2016) ready for download and update before 7.0.9 (1.8.2016)? When I look at the Software-option under Device when I am about to update my PA-3020, I get confused when I see for example version 7.1.2 one day and 7.0.7 the next day. My only guess why it is like this, must be the version installe...

NilsRune by L0 Member
  • 3893 Views
  • 3 replies
  • 0 Likes

ISP Load balancing with ECMP

I have the Following Scenario on a PA-200 [ISP1]Zone = UntrustEth1/1 = 192.168.7.110/24Modem GW = 192.168.7.1/24 [ISP2]Zone= UntrustEth1/2 = 192.168.5.110/24Modem GW = 192.168.5.1/24 [Local LAN]Zone=TrustEth1/3 = 10.1.1.1/24Running DNS-Proxy and DHCP for Eth1/3 In the Default VREnabled ECMP0/0 to 192.168.7.1 [ ISP1 ]0/0 to 192.168.5.1 [ ISP2 ]Su...

m7usman by L1 Bithead
  • 7220 Views
  • 6 replies
  • 0 Likes

How to filter rule by subnet

Hi there, I'm trying to filter the rules via subnet. Is this possible ? I've tried copying (addr in '10.10.10.0/24') from a working log filter search and that doesn't seem to work. There's no filter builder like the log search box so i can just use that to figure this out. This is not very intuative. is it even possible to filter rules by Sub...

Mugwali by L2 Linker
  • 3159 Views
  • 2 replies
  • 0 Likes

Resolved! Benifit of Target Tab in security policy on Panorama.

Hi Guys. Good day!I would like to know that what is the benifit of target tab on Panorama. For eg. I create a shared policy. Now I push it to firewalls I choose using device group while commit. Now I create shared policy and choose target (never done it). Do I need to commit on device group than?What will happen if I commit on all devices but...

yadsingh by L2 Linker
  • 6232 Views
  • 4 replies
  • 0 Likes

Resolved! Parent Application Subtypes automatically allowed?

Hi All, In a security policy, if I allow Application "ipsec" with service as "application-default" then will the firewall also allow- ipsec-esp- ipsec-esp-udp- ipsec-ah- ike ? If you see applipedia, and if you search "ipsec" then you see the above mentioned 4 applications as sub-types of the application "ipsec". Hence the question. Same is also ...

Issue after Internet Upgrade

We recently installed a new 300/300 circuit and MIS router at my workplace. No IPs have been changed, but since the upgrade we cannot ping internet addresses, and our latency and speed results from speedtest.net are horrific (like 1000+ and less than 1/1 at times.) Strangley, the network isn't crippled, but it should be performing faster than ...

Lmg412 by L0 Member
  • 3188 Views
  • 3 replies
  • 0 Likes

Service settings in a NAT

I ran across this setting this morning- when setting up a NAT rule, you can specify a service or service group. Cool, but is there a reason to do that when a policy is necessary to open a service port?

cloughr by L2 Linker
  • 4012 Views
  • 3 replies
  • 0 Likes

Error Checking credentials - Gateway Timed out

Hi There, I have installed Minemeld on my Ubuntu Server 14.04.. And the service is up and running.. Wheneve I use the default Username and Password to logon to the console, it gives me an error "Error Checking credentials - gateway timed out".. I have also checked the file opt/minemeld/log/minemeld-web.log for errors ? but could not find ...

maltwist by L2 Linker
  • 25652 Views
  • 15 replies
  • 0 Likes

Resolved! Cannot find pan_packet_diag.log on PA VM

Hello, I am new to this forum so please bear with me. I would like to use debug log feature on my PA VM. I am able to turn the logging on with the following commands:debug dataplane packet-diag set logdebug dataplane packet-diag set log feature flow basic But I am unable to localize the pan_packet_diag.log file to view the logs. dp0-log does not...

HAL9000 by L1 Bithead
  • 6259 Views
  • 4 replies
  • 0 Likes

Global protect authentication LDAP not working fine

Hi, we have GlobalProtect configured using a LDAP group for authentication in the VPN "cn=groupvpnusers,ou=_generic_groups,dc=it,dc=xxxx,dc=local" When we commit this new config using vpn group in Auth profile, the GP authenticacion is working fine but 2-3 hours later it starts to fail and we get this error in all users in this group "failed aut...

  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels