General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Unblock IP address after threat triggered block-ip

Suppose a long time value was set for a threat where one had set the action to block-ip - say 10 minutes

Is there any way via the CLI or GUI to see the list of IP addresses that are blocked due to the threat engine?

Better still, is there a way to clea

...

How to find active high bandwidth user

If a Palo Alto firewall is experiencing high throughput, what's the best way to find the source user/IP while the high throughput is occurring?

We have all of our security policies set to log on session end, so that traffic log wouldn't help since the

...

jambulo by L4 Transporter
  • 6288 Views
  • 2 replies
  • 0 Likes

How many security rule supported for PA7050?

Hi guys.

Nowadays I have got a project for installing PA7050 but I confused about the PA7050 how many security rule supported for PA7050. Several months ago, I checked the DataSheet and Compare tools of PA7050 that mentioned PA7050 supported 80,000 ru

...

Resolved! Panorama Application and Antivirus discrepancy!

Currently our Panorama General Information window on the dashboard is showing the following:

Device Name: SA-PANMGMT1

Application version: 489-2600 (03/03/15)

Antivirus Version: 1503-1978 (03/10/15)

I change context to one of our two firewalls (both the

...

Crash28 by L1 Bithead
  • 1963 Views
  • 1 replies
  • 0 Likes

Site to site VPN with isa server firewall

Dear Friends,


I am facing some challenge, vpn configuration with ISA server firewall. Ph-1 is up but PH-2 is not. when i put the proxy id both side firewall external ip , both Ph is up. when i put the LAN segment like (local 172.30.30.0/24 remote 192.

...

Satish by L4 Transporter
  • 1763 Views
  • 1 replies
  • 0 Likes

The Check Point Advantage

3 years ago, we replaced Check Point firewalls with Palo Alto Networks.

Seems this was a huge mistake. We might have to go back …..

The Check Point Advantage

"Palo Alto Networks, a newcomer to security, falls short in their architecture and solutions"

A

...

Dulle by L2 Linker
  • 6032 Views
  • 5 replies
  • 1 Likes

Interface Names (for purposes of SNMP)

Is there any way to change the name or description of an interface in the device configuration? We use What's Up Gold to monitor most devices on our network- it walks SNMP and retrieves the default names just fine (mgmt, ha1, ethernet1/1, ethernet1/2

...

ShaunD by L1 Bithead
  • 3625 Views
  • 2 replies
  • 0 Likes

Resolved! LACP and HA pair

My tested design has been to LACP between the same LAG (i.e. AE0) on the PA primary and secondary units, to different LAG entries (ie. AE0, AE1) on the outside and inside equipment (Both Juniper).  I have one device though (Juniper SRX) that has VPN

...

template occurances / template used

Would it be possible using panorama   to find out where we have mapped specific template , for example we have template for IKE cryo , can we track using panorama on how many firewalls we have mapped that.

Palo Alto Networks Content Updated email fail

That i just received April 7th lists all the other "Chris's" that subscribe to these updates in the CC field.

My teammates received the same with all other PAN users that shared their names.

With about 100 carefully selected names we could build almost

...

cramman by L2 Linker
  • 2311 Views
  • 2 replies
  • 0 Likes

Resolved! How to make access for another router thru PA-500

I need to setup router from vendor with official ip adress because it cannot use nat. It will support a service from Miele called "Miele Logic".

Without setting this directly on modem wiith swith I want to sett this on interface at PA.

I have not figur

...

MyhreNDS by Not applicable
  • 3276 Views
  • 5 replies
  • 0 Likes

SSLMGR-cert-ocsp-verify-failed error

Hi Guys,

My client has configured LSVPN. The tunnel is up, but he is getting the sslmgr-cert-ocsp-verify-failed error message.

It said SSLMGR certificate ocsp verification failed. Certificate xx status is unavailable.

Has anyone experienced the same iss

...

MelLi by L2 Linker
  • 4963 Views
  • 3 replies
  • 0 Likes
  • 23579 Posts
  • 103 Subscriptions
Top Liked Authors
Labels