General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Site-2-Site IPSEC Tunnel won't come online

i have three offices:office 1: US - northeast 1.1.1.1 PAN-500HAOffice 2: US - southeast 2.2.2.2 PAN-3020HA HQ siteOffice 3: Shanghai China 3.3.3.3 PAN-200all three IPSEC tunnels were up and running. My Office 3 moved locations and when they did that we obtained a new static IP from the executive office we moved into. We updated the fire...

Resolved! Manage policies using CLI from a computer

Hi,We need to programmatically toggle our PA500's GUI setting "Policies / Captive Portal / My_CP_Policy / Action" between "no-captive-portal" and "web-form" from a windows server.I assume that this is possible using CLI remotely, but where can I find documentation how to setup everything for a task like this?Thanks a lot for help on thisregards...

Using Netflow v9 in a Active/Active cluster

I configured a Netflow profile and associated it with a "Untrust" Interface on my active Machine in my setup.I was surprised seeing that the second Active machine got this assotiation too. So I accume both machines are sending to the same receiver and to the same port.I'm new to Netflow and my question is: How does the receiver distinguish which...

rkra by L2 Linker
  • 1924 Views
  • 1 replies
  • 0 Likes

Terminal services agent issue with traffic dropping

Hi,We currently let our TSA connect to our management interface. This is however causing problems in that in about 30 mins all traffic is dropped on the management interface. The GUI and CLI and such are time-outed then. To resolve this we need to remove the TSA on the PA and the interface works fine again.Support recommends to provision an dedi...

Resolved! Pre-Logon Global Protect

Got the pre-logon function working ok. The problem i have is that it doesn't seem to start quick enough to process login scripts etc.For example when I log onto my network LAN using the laptop the drives are mapped and i get a pop up announcement message - all standard stuff.When I then take the laptop off the LAN and connect it to the internet ...

djrodb by L3 Networker
  • 9523 Views
  • 3 replies
  • 0 Likes

Grouping Countries

Hello,I've been asked to block certain countries...- All of Europe except Spain- All of Asia (except Japan, Australia, Korea, Singapore, Taiwan)- All of AfricaI figured I could add those countries to a "Denied Countries" group to use in a security policy but I don't see the countries listed when I try to create my address group... they only exis...

dwoolley by L1 Bithead
  • 4921 Views
  • 4 replies
  • 0 Likes

Resolved! Public IP Behind PaloAlto

We have a /24 public IP network where some of the IPs will not NAT and some will NAT. For the scenario were there will be no NAT, the host behind the PaloAlto will have a public IP assigned to the NIC. Under what scenario would I break up the /24 into smaller subnets or leave the subnet as a large /24. This is for a pa-500 in Layer 3 configur...

Resolved! Is it possible to create reports or graphs displaying type and amount of transported data, sources and dests?

Where to start with this topic:I can monitor the bandwith with SNMP and PRTG Network Monitor.Now I'm interested in data >>>PA can provide <<< about types of data, sources and destinations?I would like to check e.g. this:How much VoIP is running through the PA?Who is downloading most data at the moment.a.s.o.I know there is sflo...

rkra by L2 Linker
  • 4283 Views
  • 5 replies
  • 0 Likes

is it possible to forward clients with paloalto for websense ?

Hi all,There is a topology like below.Clients using Cisco vpn and they are enforced to use some proxies(enforced from Active Directory)There is a Local Websense but it cannot be used because of that enforcement.Can Paloalto firewall decrypt that SSL traffic and make websense available to use ?is that possible ?Cisco Any Connect Client-----------...

Resolved! Failure to Delete a Certificate

PA-200PAN 6.01I imported a certificate, but failed to do something correctly. I wanted to delete the cert, and start over. When I select the certificate 'ServicesVPN' and click Delete I'm told ... 1- Failed to delete Certificate - ServicesVPN. ° ServicesVPN cannot be deleted because of references from: ° deviceconfig -> system -> sy...

bdunbar by L3 Networker
  • 10388 Views
  • 12 replies
  • 0 Likes

Resolved! FTP Server: No Allow policy but 3-Way-Handshake and Username prompt possible?

There is no allow policy from Untrust to DMZ to contact the FTP Server.There is an deny policy instead as a last policy between ZONE Untrust und ZONE DMZ.But if I try to connect to FTP Server a connection is estabilished and my FTP Server asks for a Username.This is the end of communication - but is anyone allowed to connect to my FTP Server?Roman

rkra by L2 Linker
  • 5133 Views
  • 7 replies
  • 0 Likes

Resolved! Could I use a Asian 2 bytes charset on CLI when I configure?

HelloI tried to configure on CLI using 2bytes Asian charset as below.As you see below when I configure 2bytes Asiasn charset to description column and then PAN showed error message is Server error : Malformed Request.So I questioned weather PAN could be configured using Asian charset on CLI or not.admin@PA1(active)# set rulebase security rules r...

Roh1 by Not applicable
  • 5119 Views
  • 3 replies
  • 0 Likes

Disable SSL - IPSEC only

Hi,a quick one: is it possible to disable SSL VPN at GP? So users can only connect via IPSEC...I know its possible to do it the other way but we like to have a IPSEC only portal/gateway.

Hithead by L4 Transporter
  • 11052 Views
  • 12 replies
  • 1 Likes
  • 24394 Posts
  • 123 Subscriptions
Top Solution Authors
Labels