General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Best Way For Configuration of 5 PA-200 Before Shipping To Remote Location

The next big project, regarding Palo Alto, is deploying a total of 5 PA-200’s. 4 will be located in 3 different locations in Mexico. 1 Mexican location will have 2 PA-200’s setup in HA mode. The remaining PA-200 will be deployed in Managua, Nicaragua. They all will be configured with Wildfire, Threat Protection, URL Filtering and Global Protect....

Can't access management when PA200 is in line

I have a PA200 and when I only have the management port plugged in, I can access the management interface. When I put it inline and have production traffic running through it, I'm no longer able to access the management interface. I have two NAT rules: one for a Playstation and one for general outbound using DIPP. I need to do some troubleshooti...

kbreit by L1 Bithead
  • 3305 Views
  • 3 replies
  • 0 Likes

Resolved! OSPF Link State Database Overload Protection for Palo Alto Firewall

Hi, We're migrating from a Cisco ASA to a Palo Alto firewall device. I had a query about the OSPF Link State Database Overload Protection for the Palo Alto Firewall The Cisco ASA firewall provides OSPF Link State Database Overload Protection using the max-lsa commandHere is the Cisco reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feat...

mskpalo by L1 Bithead
  • 4391 Views
  • 4 replies
  • 0 Likes

Active Directory group naming scheme

Hi all,I'd be interested to here is anyone has come up with interesting naming schemes for AD groups used within Palo Alto firewall policies.I'm looking for inspiration as I'm looking to come up with a logical scheme on our end. Cheers.

Local admin account locked

I have a cluster of two Panorama systems. When I try the local admin account on the primary-active node the system generates a log entry saying that 'failed authentication for user admin. Reason: User is in locked users list. The same account name and password works on the secondary-passive node though. Any idea what's going on the admin acc...

Resolved! test custom-url command with Panorama deployed rules.

I'm trying to test a few urls in a custom url category I have deployed on my FW, but am unable to get to work. All my rules/objects are pushed out via Panorama and it seems as though the command only allows you to test locally defined rules (i get an error when specifying the rule name unless i use a local one). I don't see this test custom-ur...

chrisp by L3 Networker
  • 5254 Views
  • 5 replies
  • 0 Likes

SSL Inbound Inspection

Hi,I have setup a decryption policy to decrypt inbound SSL traffic for the Exchange web mail server. However, when I check the logs I see only some traffic as decrypted and some arnn't. Refer below screenshots,Why isn't the policy not decrypting all the traffic?I'm trying to decommission the Microsoft ISA server used as reverse proxy for Exchnag...

Shayan by L1 Bithead
  • 7458 Views
  • 6 replies
  • 0 Likes

GlobalProtect with X-Auth split tunnelling

Hi guys,I'm working on a GP portal and gateway configuration, in order to provide to the customer full compatibility with the old vpn clients (ex: cisco) I enabled X-Auth support on it. The client with a third party software authenticates but it always gets a default route 0.0.0.0 and not the single networks specified in the GP Gateway-->Clie...

Resolved! Problem with access to WF-500 Appliance

Hello, I try to access to the WF-500 via the Mgmt interface but I found the error message in the attachement. What is the reason of this issue ? what should i do to resolve this problem? I will appreciate all your helps.

wildfire.JPG
RCHAIBI by L2 Linker
  • 4492 Views
  • 5 replies
  • 0 Likes

Please tell me why send a email with BMP image will judged to be a threat?

Please tell me why send a email with BMP image will judged to be a threat?The firewall will show up a threaten sentence, during the sending job..Please help me here. Thank you. Threat Details: Name: IBM Lotus Domino BMP Parsing Integer Overflow VulnerabilityID: 38197DescriptionIBM Lotus Domino is prone to an integer overflow vulnerability while ...

Resolved! RFC 3021

Does the firewall support RFC 3021 IP Space aka 255.255.255.254 mask on routed point to point interfaces?Thanks,Ray.

rholman by Not applicable
  • 8098 Views
  • 5 replies
  • 1 Likes

IPSec VPN issue between Palo and MS Azure

Hi Guys, Having problems with a site2site VPN connection on a palo alto firewall. It seems to randomly drop and stop working. Sometimes it will stay up for days then drop and other times it stays up for about an hour and then drop. I have followed various guides from palo and Microsoft (this is a VPN to MS Azure) on how to configure it and as I ...

VPN logs.png
  • 24390 Posts
  • 123 Subscriptions
Top Solution Authors
Labels