General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! syn-cookie

Hi, Where I can enable syn cookie . SYN Cookie is activated when the SYN flood attack threshold is exceeded ? Thanks

sib2017 by L4 Transporter
  • 6893 Views
  • 4 replies
  • 0 Likes

How can I block a URL from the internet?

Here is my dilemma: I have an appliance that is accessible over the internet. I need the public to be able to access this (it is for web conferencing). The admin portal is also available. I would to block access to the admin portal over the internet, and make it only available from my LAN (via its private IP). Let's say that the URL is: http...

rpainter by L1 Bithead
  • 3725 Views
  • 2 replies
  • 0 Likes

Create Certificate CA for server RADUIS

Dear engineers.I could help I have the following questions:reviewing this document.https://live.paloaltonetworks.com/t5/Configuration-Articles/Captive-Portal-Using-Transparent-or-Redirect-Mode-in-Vwire/ta-p/66125My question is how I certificate, try to find the certificate mentioned in the link, but can not find or can create it.in my case I am ...

Edluna by L1 Bithead
  • 2135 Views
  • 1 replies
  • 0 Likes

Resolved! Dual ISP Branch Office with PA HA (2 PA with HA Configured

I see examples of using 2 ISPs with one PA. I also see that senario with Global Connect, Lad Balancing and IPSec Tunnels. However, I do not see where it states these types of senario's can be used in a PA-200 HA senario. Can anyone shead some light on using Dual ISP's with HA Palo Alto Firewalls. I know the fail-over is different on the PA-200,...

Resolved! Palo Alto Configuration Using CLI

Hello, My question is as follows: If I make changes (ruleset, objects, etc.) from the command line, how do I get those changes to show up in the GUI? What if by chance someone else is working in the GUI; what happens to my changes if a save and commit is done? Or, if I perform a save and commit? Situation: Brand new firewall is installed and in...

jasfree by L1 Bithead
  • 3327 Views
  • 3 replies
  • 0 Likes

Resolved! PAN 0S 7.1.1 Mode active/passive Still Display Not Synchronized

Hello After Upgrading To 7.1.1 The 2 devices PA-500 mode Active/Passive. The display keep Not Synchronized. The command -show job id x- for HA sync display OK (no warnings). The command -show high-availability state-synchronization- show all synchronized except A/A session stup A/A session stats and A/Packet (I am in A/P so it is normal). Is It ...

plebras by L1 Bithead
  • 8818 Views
  • 9 replies
  • 0 Likes

Revert back a 6 OS from 7 OS

Has anyone had to revert back from an upgrade? Especial from 7 OS from a 6 OS? If so how did you do it and how easy was it? I am preparing to move from 6.1.10 to 7.06 and I want to make sure that I cover every possible scenario. Luckily I have a secondary that I can try it on first. Can you revert back and reinstall the previous OS that you upg...

jdprovine by L4 Transporter
  • 4435 Views
  • 7 replies
  • 0 Likes

about ssl decryption error

Hi there, recently we have implemented ssl decryption in our network , But Chrome comes up with "ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION"

Resolved! VPNC + PAN-OS 7.1

Does anyone use vpnc (As in the linux ipsec client) with xauth connecting to a PA? We have a bunch o' PA's which we are in the middle of upgrading to 7.1 however once an upgrade from 7.0.6 to 7.1 is done, VPNC will no longer connect. Downgrading back to 7.0.6 again allows VPNC to connect. The error in the logs is (ISAKMP_N_ATTRIBUTES_NOT_SUP...

New to the Palo Alto platform and have a migration question

I am fairly new to the company I work for and have inherited a network that has two ISP's with two firewalls. One firewall is an older ASA and the other is a small Sonicwall. I have pretty good experience with the ASA platform. However, the Sonicwall is new. They currently have a DMZ configured on the Sonicwall using something called "Tran...

fcrooks by L1 Bithead
  • 6452 Views
  • 8 replies
  • 0 Likes

What's the best way to permit app on non-standard port?

For instance, web browsing on port 8080. I don't want to just set the service as I also want to use port 80 and there are other apps in the rule and I'd like to use app-default as the service. I defined a custom app with web-browsing as the parent and the port as tcp/8080. That worked until I upgraded to 7.1.2 and then it broke. I'm aware t...

Behaviour app override

Hi, we are having an issue using app override. 1) We have created a custom app for Oracle (without timeout). Using these ports: tcp1521-1541. This is the config This is the app override policy: This is the security policy (app any and ports involved in this app 1533 and 60xxx): Service profile for ports open in this ORACLE connectio...

App customized.jpg
appoverride.jpg
reglaaplica.jpg
ports high.jpg

Clearing Traffic Log

Running 7.0.6 on 7050's I cleared traffic logs and lost connectivity to management sever and took about 30 min after restart of mgmt sever for traffic logs to reappear . Is this normal. Which log file has info on managemt disconnect files/reason info.? Log Reevier logs showed LPC card shut down as well but wasn tsure if that would equally cause...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels