General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 435 Views
  • 0 replies
  • 2 Likes

Long commit time with 125 vsys

Hello,

Running 5.0 code train, after we created 125 vsys on the PAN 5060 firewall and preloaded our standard panorama shared policies and address objects (3 pre polices, 1 post policy, and about 100 address objects).  The firewall commit time is about

...

Cacti 5.0

Has anyone seen any issues with cacti and 5.0? Ours where all logging usage perfectly until the upgrade it which point they stopped. Now we just get SNMP errors as though the devices are down.

Regards

Dave

DaveM by L1 Bithead
  • 2918 Views
  • 4 replies
  • 0 Likes

paloalto-panorama App-ID missing?

Does anyone else find it strange that there's no 'paloalto-panorama' App-ID? There are paloalto-updates, paloalto-userid-agent and paloalto-wildfire-cloud App-IDs, but not one specifically for Panorama? (ssl on port 3978 essentially)

FQDN not resolved

Hi

On a Palo Alto Firewall, we created an address object using FQDN Type.

We use this object as a destination address in the security rule « TEST-FQDN-1 »

But checking the security policy (show running security-policy) we can see the destination is not

...

Hub by L0 Member
  • 7221 Views
  • 9 replies
  • 0 Likes

Resolved! website slowness with DHCP Cable Modem

I recently installed a PA-200 and many websites are either very slow to load or have to be refreshed multiple times in the browser.  Tried multiple browsers so not browser specific.  Running a PA-200 with DHCP to Time Warner on the Untrusted interfac

...

danlukas by Not applicable
  • 6171 Views
  • 16 replies
  • 0 Likes

Resolved! vsys cpu

Hi,

Can we see how much cpu is used by vsys's ?

Thanks

panos by L6 Presenter
  • 2576 Views
  • 2 replies
  • 0 Likes

Resolved! Virtual Systems Shared Gateways

Is it possible to have multiple shared gateways when running virtual systems.

I'm essentially trying to have 1 physical interface, shared among virtual systems, with an IKE gateway configured on it, so I can have multiple IPSec VPN tunnels established

...

Resolved! no nat

hello

i'am configuring a paloalto firwall wish is the backward firewall,

i'm facing problem with nat , users must be integrated in the frontal firewall

users passes by paloalto firewall first then the frontal firewall, when it pass by pan their

...

atelcom by L3 Networker
  • 6876 Views
  • 10 replies
  • 0 Likes

RPC Service

hello everybody,

I need to write a rule that allows RPC Service activity for SUN SNMP to DMI mapper daemon.

any idea?

thanks in advance.

Resolved! no certificates in the webui but still everything is working

we get the error:

Warning: cannot find complete certficate chain for certificate ****

we get this error since upgraded, i cannot see any certificate in the webui but everything (global protect and webui) is working.

int the export xml i can see those c

...

minow by L4 Transporter
  • 2927 Views
  • 4 replies
  • 0 Likes

Permit related/inherited applications

Hello,

I am looking to build a particular security policy where *all* web browsing is permitted, including any applications that the session gets transitioned to as a a result of App-ID figuring it out.  For example, a session may start out as a "web-

...

krhayes by L0 Member
  • 2247 Views
  • 2 replies
  • 1 Likes

Resolved! Timeout for SSL Decryption Session

Hopefully an easy one, but I can;t seem to find the answer.

What is the default timeout for SSL decryption i.e. how long before a user is required to re-accept an opt-out page?

And, what is the CLI command to change this?

Many Thanks

apackard by L4 Transporter
  • 2896 Views
  • 3 replies
  • 0 Likes

GlobalProtect 1.2.4 issue with Mac pre-OSX 10.8

We are having a strange issue with GlobalProtect and all Mac OSX that predate 10.8.  Clients can connect just fine, but when they try to connect to our NAS, the client's connection to the NAS locks up and then gets terminated, but the GlobalProtect c

...

mcw015 by Not applicable
  • 1924 Views
  • 1 replies
  • 0 Likes

Redundant Site-to-Site VPNs?

I am looking to put in redundant or active/active VPNs.

2 of our sites both have 2 ISPs.

Currently the VPN works from 1 ISP on each side.

Questions:

1. Can I have redundant VPNs?

2. Can I load share over those?

3. Any tips or docs to configure?

Other relate

...

  • 23698 Posts
  • 110 Subscriptions
Top Solution Authors
Labels