General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

1-to-1 NAT

Ok need some help. I have a 1-to-1 NAT that is not working. Monitor-Traffic shows the Application as incomplete. NAT PolicySecurity PolicyMonitor

ddavis1 by Not applicable
  • 6393 Views
  • 9 replies
  • 0 Likes

Routing Problem with Active/Passive and Two ISP Links

All,I have a bizarre situation and I'm wondering if anyone has seen it before. We are currently using a pair of 5050s in Active/Passive. They are configured with a very simple OSPF instance and have their default route injected via that OSPF instance. They are each connected via a single link to our ISP, let's call those interfaces on the ISP...

Resolved! Which are the PAN-DB URL categorization rules?

When an URL is categorized as malware by PAN-DB, I can´t find the reasons of such decision.Why has it been categorized as malware?Is there any way to know more about such decision?I will be grateful if you can explain me this decision.G.A.

Resolved! New to Palo Alto - Append Policy Question

Good day all, I am new to Palo Alto so this question might actually seem rather trivial.Most of my peers configure from the GUI and are not very familiar with the Command line. I am more comfortable with the command line so I am trying to do configurations that way. If I want to add a source entity to an existing rulebase security rule do I ju...

Resolved! Simple FW Setup

I have a PA-200 that I'm trying to set up in a simple lab environment. Eth1 is configured as a layer 3 interface with a public IP on it and Eth2 is configured as a layer 3 interface with an internal IP address on it. Eth2 is configured to hand out DHCP requests to internal client, which happens successfully and the internal clients can also ping...

jl5678 by L0 Member
  • 4345 Views
  • 6 replies
  • 0 Likes

Resolved! Security rules when ISP is caching?

In looking at outbound traffic I can see quite a bit to a network range owned by my ISP. I'm guessing that it's a cache. The application traffic seems to be what one would expect to be efficiently cached (ms-update, symantec-av-update, http-video, etc).How do you write rules for that? Or is it that, say, Microsoft is taking an ms-update request ...

MCmgt by L2 Linker
  • 4277 Views
  • 4 replies
  • 0 Likes

Migration from Juniper to Palos

Hi all,We're in the process of migrating from Juniper ScreenOS devices onto our new Palos and I have some questions about ALGs and service timeouts.On our Junipers, there were a couple of ALGs that we had to turn off due to them mangling the application they were supposed to handle. The most prevalent of this was the SQL ALG, which seemed to ha...

Mack by L2 Linker
  • 9883 Views
  • 13 replies
  • 0 Likes

TCP 135 traffic coming from firewall IP to internet ip's?

We received notice from our ISP of flagged traffic coming from our firewall's internal ip address to many internet ip's via tcp 135. User ID is turned off on the public facing security zones. We are on PanOS 6.0.0Anyone else seen this? I set a security policy blocking internet bound tcp 135 traffic from our firewall's management ip. Odd stuff.

Netwerx by L2 Linker
  • 4806 Views
  • 1 replies
  • 0 Likes

Are the Services for URL filtering/Threat/Antivirus the same across all devices?

I'm looking at replacing my older PA boxes and see many improvements in the physical capabilities of the newer devices. As I was looking at the full range, I was wondering if the services for each device is different. Are the URL Filtering, Threat Prevention, and Antivirus services the same for each box? Are they different compared to the devic...

Colp by L1 Bithead
  • 4176 Views
  • 3 replies
  • 0 Likes

PAN Bandwidth Monitoring & Reporting

Hello,is there a way to generate a bandwidth usage charts from the web GUI or CLI (in Mbps)? I need to be able to show what applications are consuming bandwidth at certain times during the day.The current usage reports in Network Monitor tool only show throughput per time unit (e.g. hourly total), which is not as intuitive as a bandwidth usage g...

Tuomo by L1 Bithead
  • 29113 Views
  • 12 replies
  • 0 Likes

Resolved! ftp and PAN-OS 6.0 problem

Hi Team!I have a problem with ftp application in PAN-OS 6.0 after upgrading from 5.9.Passive ftp is stop working correctly. Temporary resolved by creating an application override rule.Any ideas?Thank you

Oleksandr by L3 Networker
  • 8737 Views
  • 11 replies
  • 1 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels