General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 356 Views
  • 0 replies
  • 0 Likes

Resolved! Bi-directional NAT is still requiring a /32 static route

I have two VPN tunnels established with a vendor.  1 is in San Digeo and 1 is in Las Vegas.  The subnet in SD uses 10.220.1.0/24 and LV uses 10.220.2.0/24.  With both tunnels they want me to NAT my IP of 172.16.1.235 to 10.200.249.30.  I have a NAT s

...

nthen by L3 Networker
  • 3896 Views
  • 4 replies
  • 0 Likes

Resolved! HA PORT CONFIGURATION IN 4.1.12?

Hello world,

I have done an upgrade of PA2050 cluster in 4.0.9 to 4.1.12. In 4.0.9 the link speed and duplex for HA PORT was forced.

after the uprade in 4.1.12 I lost a lot of packet and when I tried to do a commit I had an error message.

Commit failed

...

alle by L3 Networker
  • 2785 Views
  • 2 replies
  • 0 Likes

Communication within different Trust Zones

Hi,

I am working with PAN-500 3.0.9.

I have configured 2 trust zones and 2 untrusted zones.

l3-trust IP 192.168.0.254/22; l3-untrust 200.78.x.x

l3-trust2 IP 192.168.10.254/24; l3-untrust 201.161.x.x

I need that users from l3-trust get access to servers lo

...

Resolved! Block but don't log

Is there a way to block some vulnerabilities or spyware without logging them? For instance I would like to block all the Microsoft SQL Server Stack Overflow Vulnerability but I am tired of them skewing some of our charts and stats. it looks like I ca

...

jmayne by Not applicable
  • 2595 Views
  • 3 replies
  • 0 Likes

Resolved! LDAP - Group Mapping with Child Domain users

Hi all,

We'd like to use an Active Directory group in our root domain (e.g. "company.com") to control GlobalProtect authentications. Let's name this AD group "VPN Access" (it's a "Universal" Security Group). It contains user objects from the root doma

...

oschuler by L4 Transporter
  • 5258 Views
  • 2 replies
  • 0 Likes

NAT rule for IPSEC VPN using NAT-T

I'm running PANOS 4.0.13 and I've enabled NAT-T via the command line.  I'm having trouble getting traffic to pass and I assume it must be my NAT policy.

1. I set a destination NAT as the vendor will be the initiator.  The NAT is defined like this:

srcz

...

iguarino by L0 Member
  • 2618 Views
  • 2 replies
  • 0 Likes

Resolved! PAN-OS 5.0.5 :Commit failed

Hello,

I have upgrade my firewall from 5.0.1 to 5.0.5 successfully.

But when I am trying to commit. It is giving below error.

Operation

Commit

Result

Failed


Details vsys -> vsys1 -> global-protect -> global-protect-portal -> portal-tunnel -> client-confi

...

u22443 by Not applicable
  • 2509 Views
  • 3 replies
  • 0 Likes

Resolved! Question Regarding Reporting

Hi All!

I'm responsible for Security Analysis at a Telecommunications company up in New England. We've recently deployed Palo Alto firewalls to all sites, and I am currently going through PDF Reports manually while we get Splunk installed.

One thing th

...

Resolved! FQDN vs NetBIOS Domain Name

Hi,

I have a PA-3020 running agentless user-id. When I examine the traffic log, some user id's are displayed as netbios_domainname\userid and others displayed as FQDN\userid.

ie:

domain\billw

vs.

domain.somewhere.com\billw

Any ideas as to why this happens?

...

charger by L2 Linker
  • 9225 Views
  • 5 replies
  • 1 Likes

DHCP Server ip adress give so slow

hello,

we are try palto 5060 fw. Palto os 4.0 not yet update 4.1. Before we was using juniper and we write all rules same as juniper after all our network  ip address relase or renew so slow.

We have 3 zone. Trust, untrust and dmz. Our dhcp server is l

...

aupalto by L0 Member
  • 4255 Views
  • 3 replies
  • 0 Likes

Resolved! what is wrong with blocking firefox

Hello all together,

there something misterious for me because

to block firefox i used this document https://live.paloaltonetworks.com/docs/DOC-5028  but with this config it hasn't been working so far.

Is there a hand? My Config is:

i tried it with enable

...

kdd by L4 Transporter
  • 4681 Views
  • 4 replies
  • 0 Likes

Linux VPN clients

Does anyone have suggestions for Linux based VPN client software to users into a Palo Alto Managed environment.  The dynamics (frequent upgrades of various distributions) is causing issues with our current 3rd party commercial VPN solution.  Any sugg

...

HITSSEC by L4 Transporter
  • 3477 Views
  • 5 replies
  • 0 Likes

Resolved! GP - second gateway creation problem

Hi

I have PA200 with 5.0.5 with ateway and portal licence.

On untrust interface I have /26 network

To set up another gateway I added second IP to my untrust interface. X.X.X.141 with /32 mas - is it correct?

after commit I add new gateway profile and try

...

_slv_ by L4 Transporter
  • 3126 Views
  • 5 replies
  • 0 Likes

Resolved! Forward DNS requests

Hi,

We are looking for a way to forward All dns requests to internal DNS ip.

Either client changes its ip address to public dns addresses it should be forwarded to internal.

Can we do that ?

We don't want to write a deny rule for public Dns requests.

We d

...

panos by L6 Presenter
  • 9058 Views
  • 16 replies
  • 0 Likes
  • 23834 Posts
  • 112 Subscriptions
Top Liked Authors
Labels