General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Panorama commit devices with different results

Hi,We have a device group in Panorama with 4 devices members. When we've committed changes sometimes devices had the result "Commit succeeded with warnings", because we have some dependence warnings, but one of them has the result Commit Succeeded". If we realize other commit the result changes, but sometimes one of them is succeeded and the oth...

Captive Portal authentication as a replacement for Checkpoint Client Auth

Hello,We're in the process of replacing a number of checkpoint firewalls with Palo Altos and we're looking at ways in which we can replace the current Client-Auth setup on Checkpoint where you telnet to the firewall directly, authenticate, and it then allows you access to the applications you require.Obviously the solution is the captive portal ...

session browser source=0.0.0.0?

seeing a lot of sessions in the session-browser with a source ip of 0.0.0.0 (in the internal "trust" zone) - these tend to be UDP protocols, RTP, bittorrent, skype etc and the session browser shows them not matching any rule or having any bytes. Are these sessions in the process of being setup?

Test commnad on the nat policies

Hello,I did an upgrade from a 500 model to a 3020 model. All the configurations work just fine. The problem that I see is that I cannot test the nat-policy rules. I have the following configuration:..snat-all-LANs { from inside; source [ 172.30.0.0/15 192.168.0.0/16 ]; to outside; to-interface ; destination an...

Original MAC Address of each interface on device

I have two Palo Alto devices and running HA.When i run command on Active and passive device: > show interface hardware It only show the same MAC Address value of all interface.I want to know original (physical) MAC Address of each interface on each devicePlease help methanks so much

What does not get uploaded in Config that needs changed via CLI?

We have a PA-500 that has a bad hard drive in it. We copied the config from the bad device and transferred it to the new RMA device they have sent us. on the GUI all the settings have transferred over just fine and nothing looks different. But when the device is in place we have network issues and it is looking like packets are being dropped (so...

Resolved! NAT based on URL or FQDN

Hi, I want to make a NAT based on a URL or FQDN.I only have one public IP but several URL that I want to NAT to different inside servers.I have this working on a ISA and want to do the same in the PA.I have a PA 500 with 5.0.8.

Protecting private clouds

We are in the process of testing the deployment of Internet-facing services into Azure, such that they are accessible from the public Internet via Azure but have a VPN connection back into our environment. Obviously in this scenario we must rely on Microsoft to protect the public-facing service, which removes all visibility and undermines our in...

KGC by L3 Networker
  • 3672 Views
  • 2 replies
  • 0 Likes

Reputation score based policy? / URL-Filter w/o Threat Prevention

Question1:We're in the middle of evaluating the PAN firewall 5050, and are generally impressed w/ what it can do, in terms of blocking & reporting, etc.One feature we're looking for, but seems to be lacking is the ability to permit / block end users' web browsing based on reputation scores.For example, a website that's normally in the allowe...

huangedmc by Not applicable
  • 4791 Views
  • 3 replies
  • 0 Likes

Google-calendar-base from iOS devices

Hi,I applied an SSL decrypt profile and with no blocking configuration if decryption would fail. Now I notice that on iPad with IOS7.0.x the calendar from google is not working.It appears in the traffic log as decrypted and the application is seen on 443. So looks to be working but it is not updating. Also I see traffic send and received.Somebod...

Resolved! Active Active unique address on DevID 0 and DevID 1

Hello- I am reading through the docs on ActiveActive HA and floating IP. The diagrams show that for intf A there is a10.1.1.253 address on the Active-Primary intf and a 10.1.1.252 on Active Secondary.My question is, how do I configure the different address and ensure its tied to the Active-secondary.thank you in advance,Don

dbrenipc by L3 Networker
  • 3536 Views
  • 2 replies
  • 0 Likes

Palo Alto Software/Threat/AntiVirus Update Policy

Hi,I am having an internet facing firewall which needs to be kept updated with the Threat/AV software. I have configured the service route to use the correct interface for updates. However, it still cant check and download the required updates. As its evident I need to have a policy in place to allow the above traffic. I know what source to use,...

DCN by Not applicable
  • 4736 Views
  • 5 replies
  • 0 Likes
  • 24401 Posts
  • 123 Subscriptions
Top Solution Authors
Labels