This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

HA Questions

Hi all,I have 2 simple questions:Q1: proper procedure to physically move the standby firewall PA3020 connected to primary firewall within the same datacenter (need to power off and move)?Q2: proper procedure to switch the primary to standby and standby to primary firewall?Thanks a lot!!Peter

Resolved! pa200 ha

Im in the process of setting up a pair of pa200 for ha, ive read through the documentation but im not clear on a few things.The PA200, if i do an update on the FW for either software of dynamic updates it uses the management port to do the work.If I configure HA I will need to use the management port and one of the ethernet ports, the other thre...

NAT Help - Reaching DMZ Server via NAT

Hi,I'm having an issue setting up my DMZ test environment. My set up is basic and is as follows (IP information is an example) --e1/1 - Internet (1.1.1.160/28 - ISP assigned)e1/2 - Internal (10.10.10.0/24)e1/3 - DMZ (10.10.100.0/24)DMZ Web Server (Internal IP 10.10.100.10/24 with NAT rule for external IP mapping of 1.1.1.171)I've set up a NAT p...

jmeyer1 by Not applicable
  • 5978 Views
  • 5 replies
  • 0 Likes

Getting User-ID when using 802.1x Wireless

Hi,I was wondering if any of you chaps and/or chapesses have come across a problem getting the correct User-ID information when using wireless authentication.The problem I have is that I have a Palo Alto firewall that happily uses the User-ID Agent from AD/Security Event log to get User-ID information about wired connections to their network. T...

Resolved! CVE-2013-3893

What is the Vulnerability Signature status?Microsoft Security Advisory (2887505)Vulnerability in Internet Explorer Could Allow Remote Code ExecutionPublished: Tuesday, September 17, 2013https://technet.microsoft.com/en-us/security/advisory/2887505

dill by Not applicable
  • 4971 Views
  • 6 replies
  • 0 Likes

Active passive to active active mode

I have a pair of PA3020 in active-passive mode within the same datacenter pointing to the same ISP. We are planning to move the standby firewall to the new redundancy site and enable active-active mode pointing to a new redundant ISP. The 2 firewalls will be connected by dark fiber within a few kilometers. What are the best practices and steps t...

forward http request to proxy squid

Hi ,i try to forward my wifi mobile users http request to the proxy squid.i have configured the proxy squid to transparant mode (port 80)To the firewall i have 3 zone : LAN (port 1) , DMZ (port 3) and INTERNET (port2)the wifi mobile users are in zone "LAN" and my proxy squid is in zone "DMZ".When the wifi mobile users want access to internet, t...

nmaton by Not applicable
  • 8215 Views
  • 6 replies
  • 0 Likes

L2 trunk and subinterfaces to Cisco

I am trying to configure a L2 trunk from a Cisco 3750 to a Palo 5020I cannot find any info on how to configure the Palo, as the terminology is different to me.As a side note we are also running two 5020's in an Active/Active configurationI have tried configuring it but getting errors saying L2 interfaces not supported in HA active/activeI need t...

rperkin by Not applicable
  • 14642 Views
  • 7 replies
  • 0 Likes

Resolved! pass on user-id information

Hi All,Setup- We got 2 PA clusters with a leased line between them, joining two offices of the same company.- Both offices have their own AD, servers, ...- We have GlobalProtect configured on both devices.- We have PanOS User-Id configured (so no agent) on both devices- We have a user based security rule providing a "support" user access to cert...

mr.linus by L4 Transporter
  • 4275 Views
  • 3 replies
  • 0 Likes

Re-Generating HA-Keys

I was lazy and just imported a configuration from a a other firewall to create a new firewall.Now i discovered that the HA-Keys are identical (because) I imported the config.Is there any trick to re-generate them or do i have to factory reset and start over the whole config?Thanks for Help

gsteiner by L3 Networker
  • 2464 Views
  • 1 replies
  • 0 Likes

Removing an Object and All Dependencies

Morning,I am doing some firewall cleanup on our panorama. We have quite a few devices and I am forced to go through each device group to verify if something exsists locally or shared. Is there any way through the CLI or Panorama to remove an item and all dependencies? Here is the current process:Enter search term to find the itemClick through...

  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks