General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

URL filtering profile

For particular traffic, session created and security rules hitsBut URL filtering profile blocks the traffic....when allow the unknown in URL filtering profile -traffics are allowed.In Logs: Packet categorized as Unknown udp...This traffic is Tally ERP 9.0 from client-server.Can i create custom app-id? with pattern or not?..so that the particular...

Javith by L3 Networker
  • 2451 Views
  • 2 replies
  • 0 Likes

Resolved! Configure NAT Policy for Exchange Server

We are brand new to Palo Alto and are configuring our first device, a PA-3020. We've been trying to configure a NAT policy that will direct inbound email to our Exchange server. Outbound email seems to work fine. Inbound email doesn't seem to be even hitting the firewall since there are no log entries. We have a Sonicwall firewall in place now a...

OliveIT by Not applicable
  • 7051 Views
  • 5 replies
  • 0 Likes

Panorama Threat Log doesn't display Custom Vulnerability Name

I have a Custom Vulnerability (41000) with the name "NXDOMAIN Response". The name displays correctly in the Name Column when viewing the Local firewall Threat Log. However, when looking at the consolidated Panorama Threat Log, the name appears as 41000. Does anyone know if this is a bug in Panorama or is it supposed to do this?Thanks,Jeff

jwolach by L4 Transporter
  • 2221 Views
  • 1 replies
  • 0 Likes

Route outgoing gmail application received on specific internal interface out different Public IP

I'm trying to figure out the best and easiest way to route all gmail application (gmail-base and gmail-enterprise primarily) that enters on an internal port from one network and send it out using a separate pubic IP we have. Currently all internet based outbound traffic goes out a using a single IP and we are having an issue with that IP getting...

Resolved! SSL Decryption Firefox issue

I am testing SSL Decryption and have setup the certs. IE and Chrome work like expected. But firefox is having an issue with untrusted site error (Error code: sec_error_untrusted_issuer)Has anyone worked around this problem before?

markk96 by L3 Networker
  • 10723 Views
  • 11 replies
  • 0 Likes

Order to reboot devices in HA pair (passive)

We need to reboot our firewall due to some issues related to the traffic logging not working. We have already attempted debug software restart log-receiver, syncing the devices etc and none of them have resolved the issue. We are pretty new to the device and have never had to reboot them. We have two PA-500's in an HA pair config. The backup is...

bino150 by Not applicable
  • 9580 Views
  • 7 replies
  • 0 Likes

Resolved! Howto do a bulk URL category check in PANDB?

As we're migrating from proxy to direct internet access, we'd like to cross-check old URL black and white lists against PANDB. I did find the URL to check one site (with captcha) but that will not be very efficient as we have hundreds of entries.Is there a way to do a bulk check?Is there a CLI or API command to do a category lookup?Thanks

How do you setup the equivalent of Cisco DHCPD on an Trusted Layer 3 interface

How do you setup the equivalent of Cisco DHCPD on an Trusted Layer 3 interface of a Palo Alto ApplianceWe have remote Cisco VPN sites we are looking at converting to Palo Alto VPN SitesI need to be able to assign IP addresses to workstations at Remote sites even if there is no connection to the Far end of the Site to Site connection.

dnagin by L1 Bithead
  • 2172 Views
  • 1 replies
  • 0 Likes

Tunnel times

I have a tunnel that is up 8 hours and down 16 hours almost consistently any one have any ideas what would cause that?

infotech by L4 Transporter
  • 11207 Views
  • 22 replies
  • 0 Likes

SSL Decryption

Want to enable this feature.. is there a guide I can follow to start configuring and testing?

rrau by L3 Networker
  • 2592 Views
  • 2 replies
  • 0 Likes

logdb export very slow then fails

Hi,I have a PA-500 which is running PAN-OS 5.0.9 and a Panorama server running PAN-OS 5.1. The Panorama is new and I would like to get all the historic traffic logs from the 500 to the Panorama. I have used scp export logdb user@server:logdb to export the logdb off the 500. To begin with the ssh sessions were timing out before the file had finis...

Gareth by L1 Bithead
  • 5571 Views
  • 8 replies
  • 0 Likes

Active/Passive HA Sync Issues

I'm in the process of testing out two PAN-M-100's in the lab and more specifically testing the HA functionality at this point.The issue that I am running into:I have changed the Primary to Passive and the Secondary to Active, made a change to the Active/Secondary and then reverted the M-100's back to Active/Primary - Passive/Secondary. After doi...

DaveCorwin by Not applicable
  • 15192 Views
  • 24 replies
  • 0 Likes

Resolved! Active/Pasive HA with LAG to Virtual Chassis = Dropped Packets?

Good afternoon,I tried to deploy a Active/Passive cluster yesterday with only partial success!Things didn't work as expected. Sessions were forming but servers would work intermittently. At times it would change so that what was working, stopped, and what wasn't, started. Some services worked fine for some people throughout. And for others nothi...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels