General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

QoS on Aggregate (AE) interface

Hi, I am using PAN 7.0.3. I got two GigaE interface to form the AE Interface, however, I cannot set the Max Egress value more than 1000. And also, from the QoS Statistics and never seen the runtime bandwidth goes more than 1000. If so, it looks meaningless to us for the aggregaated interface to have 2GBps.

Koala by L2 Linker
  • 7491 Views
  • 7 replies
  • 0 Likes

Wildfire - email notification issues

Has anyone else experienced wildfire email notifications not being sent to all team members? Basically we have 3 team members who are all setup the same to recieve wildfire email notifications. One team member gets about 95% of the notficitions via email the other 2 team members only get 5% of the notifictions via email. This has been ongoing ...

lewis by L4 Transporter
  • 4179 Views
  • 4 replies
  • 0 Likes

Resolved! Does enabling Packet Capture on Security Profiles degrade system peformance?

Does enabling Packet Capture on Security Profiles degrade system peformance?The client has 3 5050's, one placed at each of 3 different sites. Are there any other costs or limitations assosicated with enabling this feature? Is single-packet or extended-capture preferred?Does Palo Alto have any best practices around this feature? Thanks.

vsolwazi by L1 Bithead
  • 7686 Views
  • 6 replies
  • 0 Likes

Panorama logs missing beofre a date

Hi, We have 2 FWs sending logs to Panorama. We see the logs in Panorama after 3 January but not the logs previous this date. Why??? we havent done anything in Panotama for not to see this previous logs. Regards, JC

Time for URL category changes

Hi,Is the standard period for URL category changes approximately 1 business day? I thought this was the approximate turnaround however I have had 2 request exceed this time frame. Is there a fater method than using Palo Alto Networks URL Filtering - Test A Site or manual whitelisting? Thanks.- Tyrone Smith

tyrone by L0 Member
  • 5745 Views
  • 5 replies
  • 0 Likes

Resolved! Not showing interfaces in service route configuration

Hi, I have a firewall in which i am not able to change the service route configuration for Email service, when i click on the email service i see only three choices : MGMT, Default and Any though that when i click on any service i can find all the Dataplane interfaces. I tried to do this via CLI but same result. If i selected interface= Any ...

Resolved! Client certificate profile with two CA (Globalprotect)

Hi, We have PA-5050 version 6.0.7 and GlobalProtect cliente 2.3.3 (we also test 2.3.4). We have created a client certificate profile with two CA certificates, a portal configuration with this certificate profile and a gateway configuration with the same certificate profile and authentication against certificate's local database. When we try to c...

JRSanch by L1 Bithead
  • 2552 Views
  • 1 replies
  • 0 Likes

Monitoring profile troubles - Dual ISP

I got a TAC with PA opened for this one but wanted to ask the community if you've experience this one. The problem is when the PBF kicks in (disabled primary circuit) the primary circuit traffic immediately fails over to the backup ISP. I've adjusted the fail-over monitoring profile interval's and the threshold but neither seem to have an affe...

treese by L3 Networker
  • 2958 Views
  • 2 replies
  • 0 Likes

Minor feature request - Move up/Down rules in GUI

Hi,Minor thing.. but maybe something for a future release down the track?..When you create a new rule (or want to re-position existing)and click 'Move'.. instead of just up or down.. allow a line number to be entered in the dropdown.and have the rule move directly there!This way one may position the selected rule exactly where they want it.. in ...

VicPark by L0 Member
  • 3220 Views
  • 2 replies
  • 1 Likes

Resolved! TSM backup and app override

Is configuring app overide for backup traffic like TSM best practices? TSM is always our biggest talker on all our firewalls and we know this traffic. It seems to me we wouldn't want the fw to inspect it all the way through layer 7. Please provide some feed back and if you agree, an config example would be greate. We have a few TSM servers a...

treese by L3 Networker
  • 5212 Views
  • 4 replies
  • 0 Likes

PA-500 Boot Time being slow

I have (3) PA-500's, and the one thing I have noticed on all of them, is that it takes up to 10 min. to boot. It takes 15 min or longer if there is a new release being installed. What does the PA use for storage, and why does it take so long in this age of SSD and fast boot times? Under the hood, it looks like it's running a customized ver...

Resolved! Way to ignore dependency warnings?

We have setup a general web browsing policy and users were being blocked from viewing github. We allowed github-base to the policy and commited it. They can now view github without any issues but every time we commit we recieve a warning "Application 'github-base' requires 'ssh' be allowed." . We do not want to allow ssh outbound without limi...

ACESJosh by L1 Bithead
  • 12163 Views
  • 10 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels