This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! What is HTTP OPTIONS Method

Hi,

In our ACC I can see that the status bar is 3.7, thanks to the vulnerability HTTP OPTIONS Method. The problem is that I have no idea what this is and how I can fix this.
How can I fix this problem?

ZEBIT by L3 Networker
  • 7187 Views
  • 3 replies
  • 1 Likes

Traffic from one zone to another

Hello.

We have two virtual wires called 'eduroam' and 'live'. There are two zones linked to eduroam, namely 'eduroam_tr' and 'eduroam_untr'. There are also two zones linked to 'live', called 'live_tr' and 'live_untr'. We would like to allow communica

...

shilpaal by L1 Bithead
  • 1998 Views
  • 3 replies
  • 0 Likes

There are drop counters when performance test

Hello,

I am doing performance test with Breaking Point about throughput , CPS.

While testing, I have found drop counters as below.

session_dup_pkt_drop                     701        3 drop      session   resource  Duplicate packet: Applies only for mul

...

Resolved! GlobalProtect Auth Problem after making new VSYS

When ever we make a new vsys our global protect authentication fails with user not in allow list. Has anyone else seen this problem.  We are going from one one system to 2 vsys's.  ( I don't know the correct wording)

Moving/importing logs after HD failure

Hi.

Recently, owing to an unplanned abrupt shutdown of my active firewall, I ended up with a hard drive corruption which prevented it from booting up (thank $deity for HA pairs).

Quite apart from PA's *ridiculously* bad response time to replace the har

...

darren_g by L4 Transporter
  • 3872 Views
  • 10 replies
  • 1 Likes

Layer 2 vs. Layer 3 Deployment

Hi!

At the moment, I hover between a Layer 2 and Layer 3 Deployment of my PA.

My setup is:

                                                            |     |     |    |

Internet <-> IPSEC-router <-> DMZ <-> internal firewall

                            

...

Dynamic Roles vs. Role-based Panorama

Hi everyone

So I was just wondering if anyone else has noticed a discrepancy between role-based and dynamic roles on their Panorama. I notice that "botnet" and "session browser" are not drop downs for my role-based admin role. That is fine since https

...

jprice2 by Not applicable
  • 1960 Views
  • 1 replies
  • 0 Likes

Cisco to PA Access List Migration

Hello,

I am in process of prepping a Palo Alto 5050 to replace a Cisco FWSM. I am doing most of the configuation on the PA by hand, but I was wondering if anyone knows how to best go about importing over 5000 Cisco access list lines into the Palo Alto

...

mwhitlow by L0 Member
  • 2949 Views
  • 7 replies
  • 0 Likes

A lot of traffic on port 443 (https) to ip 65.52.98.231

Hello,

I have a lot connections from my firewall to public IP addresses 65.52.98.231 port 443.

Our SIEM correlated events and generating the following offense:

    Event Name:    Excessive Firewall Accepts From Multiple Sources to a Single Destination

  

...

SOC_CSG by L4 Transporter
  • 5225 Views
  • 3 replies
  • 1 Likes

Resolved! DCHP GLOBALPROTCTECT

Hi there.

I wonder if it is possible to match an IP address with a MAC Address, this can be done in the normal DHCP in a public interface, but not if one GlobalProtect in DHCP can be made.

Axca by L0 Member
  • 2973 Views
  • 3 replies
  • 0 Likes

Resolved! SSL Offloading 'Forward Trust' grayed out

Hi,

I have created a certificate from my local CA and also have imported the CSR from PA to the local CA, created the

identity certificate, all is well, but it seems I am not able to "Check Box" the "Forward Trust Certificate" on the  PA.

This it seems

...

rz185016 by Not applicable
  • 5896 Views
  • 5 replies
  • 0 Likes
  • 23727 Posts
  • 104 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks