General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Panorama commit devices with different results

Hi,

We have a device group in Panorama with 4 devices members. When we've committed changes sometimes devices had the result "Commit succeeded with warnings", because we have some dependence warnings, but one of them has the result Commit Succeeded".

...

session browser source=0.0.0.0?

seeing a lot of sessions in the session-browser with a source ip of 0.0.0.0 (in the internal "trust" zone) - these tend to be UDP protocols, RTP, bittorrent, skype etc and the session browser shows them not matching any rule or having any bytes.  Are

...

PAN DHCP Server - Remote Subnet via IP Helper

Hi all,

is it possible for the PAN DHCP Server to provide IP assignment service to clients in a remote routed subnets via Cisco IP Helper address ?

http://www.freeccnaworkbook.com/workbooks/ccna/configuring-an-ip-dhcp-helper-address

Cheers

Roland

gafrol by L4 Transporter
  • 967 Views
  • 0 replies
  • 1 Likes

Test commnad on the nat policies

Hello,

I did an upgrade from a 500 model to a 3020 model. All the configurations work just fine. The problem that I see is that I cannot test the nat-policy rules. I have the following configuration:

..

snat-all-LANs {

        from inside;

        source

...

Anyone have a recommended limit for address-group size?

Does anyone know of a recommended limit for address group sizes?  I know that there is a 500 or so object limit to address groups, but at what point does the address-group size start or potentially start to impact performance?  Anyone have any ideas?

...

mgentile by L2 Linker
  • 712 Views
  • 0 replies
  • 0 Likes

Resolved! NAT based on URL or FQDN

Hi, I want to make a NAT based on a URL or FQDN.

I only have one public IP but several URL that I want to NAT to different inside servers.

I have this working on a ISA and want to do the same in the PA.

I have a PA 500 with 5.0.8.

Protecting private clouds

We are in the process of testing the deployment of Internet-facing services into Azure, such that they are accessible from the public Internet via Azure but have a VPN connection back into our environment. Obviously in this scenario we must rely on M

...

KGC by L3 Networker
  • 1760 Views
  • 2 replies
  • 0 Likes

traceroute application allows tcp port 80

Hi,

Received a call from a client said their external scanner shows their servers behind the firewall allows tcp port 80 connections and able to passive finger those servers, but there is no firewall rule permit tcp port 80 to those servers.  Digging

...

Top Liked Authors