General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! New to Palo Alto - Append Policy Question

Good day all, I am new to Palo Alto so this question might actually seem rather trivial.Most of my peers configure from the GUI and are not very familiar with the Command line. I am more comfortable with the command line so I am trying to do configurations that way. If I want to add a source entity to an existing rulebase security rule do I ju...

Resolved! Simple FW Setup

I have a PA-200 that I'm trying to set up in a simple lab environment. Eth1 is configured as a layer 3 interface with a public IP on it and Eth2 is configured as a layer 3 interface with an internal IP address on it. Eth2 is configured to hand out DHCP requests to internal client, which happens successfully and the internal clients can also ping...

jl5678 by L0 Member
  • 4357 Views
  • 6 replies
  • 0 Likes

Resolved! Security rules when ISP is caching?

In looking at outbound traffic I can see quite a bit to a network range owned by my ISP. I'm guessing that it's a cache. The application traffic seems to be what one would expect to be efficiently cached (ms-update, symantec-av-update, http-video, etc).How do you write rules for that? Or is it that, say, Microsoft is taking an ms-update request ...

MCmgt by L2 Linker
  • 4288 Views
  • 4 replies
  • 0 Likes

Migration from Juniper to Palos

Hi all,We're in the process of migrating from Juniper ScreenOS devices onto our new Palos and I have some questions about ALGs and service timeouts.On our Junipers, there were a couple of ALGs that we had to turn off due to them mangling the application they were supposed to handle. The most prevalent of this was the SQL ALG, which seemed to ha...

Mack by L2 Linker
  • 9902 Views
  • 13 replies
  • 0 Likes

TCP 135 traffic coming from firewall IP to internet ip's?

We received notice from our ISP of flagged traffic coming from our firewall's internal ip address to many internet ip's via tcp 135. User ID is turned off on the public facing security zones. We are on PanOS 6.0.0Anyone else seen this? I set a security policy blocking internet bound tcp 135 traffic from our firewall's management ip. Odd stuff.

Netwerx by L2 Linker
  • 4817 Views
  • 1 replies
  • 0 Likes

Are the Services for URL filtering/Threat/Antivirus the same across all devices?

I'm looking at replacing my older PA boxes and see many improvements in the physical capabilities of the newer devices. As I was looking at the full range, I was wondering if the services for each device is different. Are the URL Filtering, Threat Prevention, and Antivirus services the same for each box? Are they different compared to the devic...

Colp by L1 Bithead
  • 4187 Views
  • 3 replies
  • 0 Likes

PAN Bandwidth Monitoring & Reporting

Hello,is there a way to generate a bandwidth usage charts from the web GUI or CLI (in Mbps)? I need to be able to show what applications are consuming bandwidth at certain times during the day.The current usage reports in Network Monitor tool only show throughput per time unit (e.g. hourly total), which is not as intuitive as a bandwidth usage g...

Tuomo by L1 Bithead
  • 29161 Views
  • 12 replies
  • 0 Likes

Resolved! ftp and PAN-OS 6.0 problem

Hi Team!I have a problem with ftp application in PAN-OS 6.0 after upgrading from 5.9.Passive ftp is stop working correctly. Temporary resolved by creating an application override rule.Any ideas?Thank you

Oleksandr by L3 Networker
  • 8750 Views
  • 11 replies
  • 1 Likes

Troubleshoot sending iCloud email

I have just installed a PA 3020 and it's great. I'm still pretty new to the device though and need some help troubleshooting iCloud email. I can receive iCloud email on all devices. I can send iCloud email from a browser. But I can't send email from any mobile devices (iPad, iPhones). It just hangs on "sending...". This was all working last week...

Internet Edge Placement

Hi all,We are in the process of re-designing our network topology and I have a question regarding the placement of our Internet firewall: - place the PA firewall directly on the Internet (with default gateway pointing directly to the ISP's gateway)- place the PA (using private address) behind an Internet edge router owned by us which is pointing...

Upgrade to 5.0.11 = High Amount of Global Protect Failed Auths

We upgraded one of our 5020's from 4.1.13 to 5.0.11 about 2 weeks ago. Ever since then, we have been seeing an unusually high number of failed auths from Global Protect. Has anyone else experienced this?The attached graph was made in Excel. I used this filter in PA ( eventid eq globalprotectgateway-auth-fail ) and ( receive_time geq '2014/02/...

jambulo by L4 Transporter
  • 3102 Views
  • 3 replies
  • 0 Likes

Shared Policy Zone Check

The Shared Policy option in Panorama is most useful, however I have found an issue with it which I think could be resolved in one of two ways, what I need to know is do either of these two ways exist?ScenarioWhen using the Panorama Shared Policy to push single policy to three different FW layers I need to include the Source and Destination Zone ...

CHammock by L2 Linker
  • 4411 Views
  • 3 replies
  • 0 Likes
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels