General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Minor feature request - Move up/Down rules in GUI

Hi,Minor thing.. but maybe something for a future release down the track?..When you create a new rule (or want to re-position existing)and click 'Move'.. instead of just up or down.. allow a line number to be entered in the dropdown.and have the rule move directly there!This way one may position the selected rule exactly where they want it.. in ...

VicPark by L0 Member
  • 3220 Views
  • 2 replies
  • 1 Likes

Resolved! TSM backup and app override

Is configuring app overide for backup traffic like TSM best practices? TSM is always our biggest talker on all our firewalls and we know this traffic. It seems to me we wouldn't want the fw to inspect it all the way through layer 7. Please provide some feed back and if you agree, an config example would be greate. We have a few TSM servers a...

treese by L3 Networker
  • 5221 Views
  • 4 replies
  • 0 Likes

PA-500 Boot Time being slow

I have (3) PA-500's, and the one thing I have noticed on all of them, is that it takes up to 10 min. to boot. It takes 15 min or longer if there is a new release being installed. What does the PA use for storage, and why does it take so long in this age of SSD and fast boot times? Under the hood, it looks like it's running a customized ver...

Resolved! Way to ignore dependency warnings?

We have setup a general web browsing policy and users were being blocked from viewing github. We allowed github-base to the policy and commited it. They can now view github without any issues but every time we commit we recieve a warning "Application 'github-base' requires 'ssh' be allowed." . We do not want to allow ssh outbound without limi...

ACESJosh by L1 Bithead
  • 12188 Views
  • 10 replies
  • 0 Likes

Draytek Vigor - Site to Site VPN

Hi there,I'm looking to setup a few site to site VPNs using a PA2020 at our HQ site with Draytek Vigor 2830n routers at the other end. We have fixed IP addresses on the other end so I don't need to worry about the issues with dynamic IPs. I was wondering if anyone has experience with setting them up and if they had any issues getting them up and...

UKRB by L3 Networker
  • 5694 Views
  • 2 replies
  • 0 Likes

FQDN Address Object wont resolve

Hello, I am trying to setup a U turn NAT that runs so that any system trying to contact time.apple.com using the NTP protocol will be rerouted to an internal NTP server. We do not allow NTP out and iPhones and iPads ignore DHCP settings for the NTP server. I have created the NAT rule and when I input the destination as an IP address (not an ...

PhilH by L2 Linker
  • 16098 Views
  • 9 replies
  • 0 Likes

Resolved! How to make App-ID migration with a configuration splitted between Panorama and Firewall

I have a customer installation with addresses and services defined in the Panorama as shared objects. On the other side, all rules (using those objects) are define as local policy on the firewall. When I import panorama config in migration tool I see all objects. But when I import firewall configuration, policies display addresses and addresses ...

pglohr by L2 Linker
  • 10350 Views
  • 6 replies
  • 0 Likes

Youtube getting falsely recognized as google

Shortly, after the APP-ID changes were implemented, I'm having problems with youtube. By default we disable general access to youtube. However, we do allow access to specific videos. When I attempt to connect to youtube.com using http, I get blocked properly. But when I go to it using https. I pretty much have free run, and when I review the...

bwsaloum by L2 Linker
  • 3826 Views
  • 2 replies
  • 0 Likes

migration ipsec rsa vpn from juniper ssg

Hello all, There is 2 juniper firewalls.side to side between them.Side A and Side B I'm going to change side A with Paloalto and for sideB change configuration is not allowed. So everything is ok except for vpn.inside juniper phase 1 profile is selected as preddefined Rsa(rsa-g2-3des-sha sig), so what will I do on paloalto ? Thanks.

mathsss by L1 Bithead
  • 5126 Views
  • 6 replies
  • 0 Likes

GlobalProtect Prelogon without initial Internet Connectivity

Hi, Please can someone explain to me how GlobalProtect Prelogon can possibly work without any valid internet connection. For example in a hotel or cafe, you have to be logged into your laptop first to connect to the hotel's wifi portal so how does Prelogon work in this scenario?

indysogi by L2 Linker
  • 10957 Views
  • 9 replies
  • 0 Likes

How custom forward logs to syslog server

We are sending all logs from Palo to SIEM. How can we eliminate those of low or no value to us (exp. Allow_TCP_End) to be sent to syslog server? The server fills up quickly and there's a large amount of logs that provide no insight during analysis; we would like to NOT forward such logs. In other words, how pick and choose which event logs to se...

Arezoo by L0 Member
  • 3298 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama LDAP group mappings not updating for user-id

We have user-id setup and every cluster with a designated master device for user-id mappings. I have the group mapping of the new AD group showing in the gateway itself, however when I go to implement the group in a policy in panorama, it will not display the new group. I have done a forced refresh on the gateway and refreshed the panorama but w...

VPNC Ports?

Hi all, I have enabled VPNC for my Linux users who cannot use GlobalProtect. Does VPNC use port 443 like globalprotect? Can't seem to find any information about this on the web. -Matt

mmclimans by L3 Networker
  • 2910 Views
  • 1 replies
  • 0 Likes
  • 24401 Posts
  • 123 Subscriptions
Top Solution Authors
Labels