General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

logdb export very slow then fails

Hi,I have a PA-500 which is running PAN-OS 5.0.9 and a Panorama server running PAN-OS 5.1. The Panorama is new and I would like to get all the historic traffic logs from the 500 to the Panorama. I have used scp export logdb user@server:logdb to export the logdb off the 500. To begin with the ssh sessions were timing out before the file had finis...

Gareth by L1 Bithead
  • 5576 Views
  • 8 replies
  • 0 Likes

Active/Passive HA Sync Issues

I'm in the process of testing out two PAN-M-100's in the lab and more specifically testing the HA functionality at this point.The issue that I am running into:I have changed the Primary to Passive and the Secondary to Active, made a change to the Active/Secondary and then reverted the M-100's back to Active/Primary - Passive/Secondary. After doi...

DaveCorwin by Not applicable
  • 15196 Views
  • 24 replies
  • 0 Likes

Resolved! Active/Pasive HA with LAG to Virtual Chassis = Dropped Packets?

Good afternoon,I tried to deploy a Active/Passive cluster yesterday with only partial success!Things didn't work as expected. Sessions were forming but servers would work intermittently. At times it would change so that what was working, stopped, and what wasn't, started. Some services worked fine for some people throughout. And for others nothi...

vwire unequal packet/bytes count

Hello!So, we have a very simple lab topology with virtual-wire and a single "allow all" policy.I think it is important to note that on the egress interface is a single host that should not be generating any traffic (or minimum traffic). The ingress port is connected to a span port on a switch. I am aware that it is a strange setup , but that's h...

Alternatives to Panorama for log collecting?

Hi.After a recent failure HD on my normally active firewall, it appears I'm going to lose close on 12 months of logs because Palo Alto has no defined process to get the logs off a failed hard drive (where the log partition is still accessible) onto the replaced drive.Yes, I have tried scp log export/import - I've swapped the old HD in and gotten...

darren_g by L4 Transporter
  • 6956 Views
  • 5 replies
  • 0 Likes

export config through cli

Hey all,Is there a way to export the (running) config through cli?Output should be a config file we can IMPORT back into a new device.- NOT using SCP (we have restrictions on this)- NOT using the API (php/rest/browse.php/export::configuration) (we only have ssh access) 1) "show config running" or under configuration-mode "show" -> this will o...

mr.linus by L4 Transporter
  • 27354 Views
  • 9 replies
  • 0 Likes

Allowing access (read only) to docs.google.com/viewer without allowing access to Online Personal Storage categorized sites

We have a situation where a site categorized as "computers and internet" (allowed for all users in our environment) references a pdf located on Google Docs (which is categorized as online personal storage). An example is docs.google.com/viewer?url=http://www.netapp.com/us/media/ds-3546-0114.pdf&embedded=true. This uses the app Google-Docs...

Art by L3 Networker
  • 4195 Views
  • 1 replies
  • 0 Likes

PAN as a DNS Forwarder to resolve External DNS Names

I'm looking on how to configure DNS proxy on PAN and found below link that provide great information.https://live.paloaltonetworks.com/docs/DOC-3637https://live.paloaltonetworks.com/docs/DOC-3522https://live.paloaltonetworks.com/docs/DOC-4633However, it does not cover the design that I want for DNS resolution and protect our internal DNS servers...

Resolved! HA Group 1: Dataplane is down: packet descriptor leak detected on slot 1 dp0

Hi Guys,Just encountered a failure on 4000 in an HA setup.First error is tasks: DP packet descriptor leak detected on slot 1 dp0HA Group 1: Dataplane is down: packet descriptor leak detected on slot 1 dp0HA Group 1: Moved from Active to state Non-Functional.Running recently upgraded to 5.0.12.Has anyone seen something this or something similar?...

x by L1 Bithead
  • 11697 Views
  • 3 replies
  • 0 Likes

Resolved! What happens when the ARP table is full?

Hello Guys,What happens when the ARP table is full? Does the firewall clear old entries?Just trying to figure out if what's causing an issue with our wireless is due to the ARP table being full. Thanks, Chris

x by L1 Bithead
  • 8232 Views
  • 4 replies
  • 0 Likes

Resolved! telnet

How do you telnet from the PA firewall on port 500 to and external IP address?

infotech by L4 Transporter
  • 3064 Views
  • 2 replies
  • 0 Likes

VMotion on ESXi

Hi PA-Admins,we installed a VM-100 (version 6.0.2) in our ESXi environment. By accident we forgot to disable vmotion for the VM and the VM moves from one host to others...I thought vmotion is not supported but our VM-100 is still running and the licenses are valid.from the Virtualization_Admin_Guide_6.0: System Requirements and Limitations This ...

Hithead by L4 Transporter
  • 7980 Views
  • 6 replies
  • 0 Likes

Assistance: my palo is not accessible.

Assistance: my palo is not accessible. I n is happening more access to my palo, after having placed in demo for a client, only the power LED lights. I try dy by console access and management, but it did nothing.----------------------------------------------------------------------------------------------------------------------------je n est arr...

camagate by L1 Bithead
  • 8210 Views
  • 10 replies
  • 0 Likes

Resolved! GlobalProtect authentication problem

Hello,The group I use to authenticate GP connections doesn't work properly.I followed the advice on this thread: https://live.paloaltonetworks.com/thread/8661It was necessary to place the NETBIOS domain name in the LDAP server profile. Output from the CLI now clearly displays the logon format with domain\user, unlike before, for GP clients.The...

TheBest by L1 Bithead
  • 4391 Views
  • 4 replies
  • 0 Likes

TLS Syslog cert import

Hi all,Certificates, can anybody help?I have a cert syslog-ng.cert that ArcSight logger auto-generated and I want to import this on to the firewall as a "Certificate for Secure SYSLOG"It imports OK as Base64 encoded PEM format, with the option to import a private key disabled (if I choose this I need to give a Key File or a Passphrase...which I ...

  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels