General Topics

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Firewall Seems to Be resetting SSH Connections

HI,

I have a problem with my Palo Alto firewall deployment were the firewall seems to be resetting all connections using port TCP 22 (SSH, SCP, SFTP). I have done packet captures on the ingress interface of the firewall and it shows as if the connecti

...

Resolved! Throughput

Hi,

Is there a way to get system statistics session output with API ?

or just throughput value ?

Resolved! Basic fundamentals

Hi,

Just have some queries on Palo Alto firewalls posting some questions. Help on these is much appreciated.pi

1) How to initiate a ping from GUI

2) As per my knowledge Vwire Sub-interfaces must be acquiring the properties from parent interface, and we

...

Captive portal doesn't show with Firefox

Is anyone out there having issues getting captive portal to show when using Firefox. All I get is a blank screen, the URL does not change to the redirect address and it appears to be stuck doing something. The environment is the following:

* Firefox

...

Resolved! Push dynamic update through Panorama

Hi all,

Does anyboby know if it's possible to either push dynamic (scheduled of course, don't want to do that manually every day) update from panorama to managed palo or configure palo for requesting their dynamic update to panorama ?

of course palo do

...

Just skype

Hi,

An environment like LAN - PAN - Proxy - Router - Internet

is there a way to block everything but allow just skype.No web browsing, nothing allowed except skype.

I tried some rules but skype couldn't connect.

Thanks.

Palo Alto blocking Symantec Antivirus

My URL filter on my PA2050 is blocking https://143.127.102.40/mrclean as malware-sites. This is Symantec SEP talking to the Symantec cloud. A discussion of the URIs used by Symantec is located here: Clients connecting to an IP. | Symantec Connect

...

cluster question

Hi,

Device1 Active

Device2 Passive

When a failover happens...it takes about 7-8 timeouts(45 second) : device1 passive device2 active

When a failover happens again it takes about 1 timeout(good time): device1 active device2 passive

Any ideas ?

Thanks.

SYSTEM ALERT: Version 5.0.5

Hi All,

After upgrading to version 5.0.5 i have a strange thing....

---

severity: high

opaque: HA Group 1: Peer version of 5.0.5 not compatible with the HA2 keep-alive setting; disabling HA2 keep-alive

---

severity: critical

opaque: HA Group 1: All HA1 conn

...

Resolved! M-100 Panorama Mode Collectors in HA

Probably an obvious question but the documentation doesn't seem to reference this directly...

If I have 2 x M-100s in HA, by default they are in a state where the primary is listed within the "Managed Collectors". From what I understand the logs are

...

Resolved! Global Protect with Active Directory Accounts

Hello all,

I have what might be a simple question. I want to authenticate to Global Protect SSL-VPN using my current Active Directory users. Do I need to have the User ID software installed on a domain server to do this? If thats needed for LDAP can o

...

Resolved! Bi-directional NAT is still requiring a /32 static route

I have two VPN tunnels established with a vendor. 1 is in San Digeo and 1 is in Las Vegas. The subnet in SD uses 10.220.1.0/24 and LV uses 10.220.2.0/24. With both tunnels they want me to NAT my IP of 172.16.1.235 to 10.200.249.30. I have a NAT s

...

Run NetConnect and Global Protect concurrently on 4.0.12

I would like to run Global Protect and NetConnect on a 4.0.12 firewall.

I have domain users and vendors that I would like to address separately pushing the GP.msi through Group Policy to the domain users and then hand holding the vendors.

Then I could

...

Resolved! HA PORT CONFIGURATION IN 4.1.12?

Hello world,

I have done an upgrade of PA2050 cluster in 4.0.9 to 4.1.12. In 4.0.9 the link speed and duplex for HA PORT was forced.

after the uprade in 4.1.12 I lost a lot of packet and when I tried to do a commit I had an error message.

Commit failed

...

Communication within different Trust Zones

Hi,

I am working with PAN-500 3.0.9.

I have configured 2 trust zones and 2 untrusted zones.

l3-trust IP 192.168.0.254/22; l3-untrust 200.78.x.x

l3-trust2 IP 192.168.10.254/24; l3-untrust 201.161.x.x

I need that users from l3-trust get access to servers lo

...

Discussions

Welcome to the General Topics Discussions!

Rules and Best Practices

Firewall Seems to Be resetting SSH Connections

Resolved! Throughput

Resolved! Basic fundamentals

Captive portal doesn't show with Firefox

Resolved! Push dynamic update through Panorama

Just skype

Palo Alto blocking Symantec Antivirus

cluster question

SYSTEM ALERT: Version 5.0.5

Resolved! M-100 Panorama Mode Collectors in HA

Resolved! Global Protect with Active Directory Accounts

Resolved! Bi-directional NAT is still requiring a /32 static route

Run NetConnect and Global Protect concurrently on 4.0.12

Resolved! HA PORT CONFIGURATION IN 4.1.12?

Communication within different Trust Zones

SIP traffic being dropped in drop.pcap without log on PAN OS ver 10.2.4-h10

Renewal of license

Artificial Intelligence

Tags for Managed Devices vs. Object Tags

Application change port/protocol change request

Re: Clarification on App Rule - I thought I understood this

Re: PANdora's Box

Re: Recommended PAN-OS version

Re: New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Re: To block AI Applications in firewall

Unlock your full community experience!

Rules and Best Practices

Resolved! Throughput

Resolved! Basic fundamentals

Resolved! Push dynamic update through Panorama

Resolved! M-100 Panorama Mode Collectors in HA

Resolved! Global Protect with Active Directory Accounts

Resolved! Bi-directional NAT is still requiring a /32 static route

Resolved! HA PORT CONFIGURATION IN 4.1.12?