General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 436 Views
  • 0 replies
  • 2 Likes

Resolved! Mgmt Plane Always high CPU

I have a PAN fw at a client site that always has the mgmt plane cpu at 100%. The data plane CPU barely ever goes above 10%. Is there an easy way to troubleshoot the cause of this or what is taking up so much CPU usage?

SDorsey by L4 Transporter
  • 8127 Views
  • 10 replies
  • 0 Likes

Has anyone taken a look at panug.com ?

I stumbled across a site that I think aims to be similar to https://www.cpug.org - sort of the community's independent forum where discussions about Palo Alto can take place. Kind of a neat idea, but I'm not sure how much community momentum it has.

Ch

...

Resolved! Can't download GP client from the portal

We are setting up GP for SSL VPN. For testing purposes , we have created a local db account on the box and setup GB. The portal comes up and when u log in , u never go beyond the login page . It keeps trying to connect and never does . It eventually

...

usvi by L3 Networker
  • 2942 Views
  • 4 replies
  • 0 Likes

Certificate for Secure Web GUI creation

Hello

Which attributes shall an external CA certificate have to be accepted as a Secure Web GUI Certificate?

I have imported one, but SSL Management doesn't work with it. These are its attributes:

   Version: 3 (0x2)
        Serial Number:
            15:

...

Best practice for OWA and OMA

Hi

I'm getting rid of our old ISA server which we used to expose OWA and OMA and want to use our PA-500 to allow domain users access to OWA and OMA (for their iPads etc).

I've noticed that the application 'Outlook-web' is used for OWA and its dependanc

...

TDC by L1 Bithead
  • 4215 Views
  • 4 replies
  • 0 Likes

Commit Error (sslvpn)

Hi,

I am recieving the following error when issuing a commit,

Management server failed to send phase 1 abort to client sslvpn

Management server failed to send phase 1 to client useridd

Commit failed

The only change in configuration is adding new local use

...

rsaber by L1 Bithead
  • 4344 Views
  • 4 replies
  • 0 Likes

Inbound SSL Decryption and monitoring

Hello,

I'm trying to setup inbound SSL decryption. It is a pretty basic setup.  Two layer 3 interfaces on a PA-500.  One interface is in an 'Outside' zone, the other is in a 'DMZ' zone. In the DMZ zone is a web server with a signed SSL certificate.  T

...

Cisco IPSEC VPN client connecting to PAN 4.1

Hi folks,

there were no way to establish a ipsec connection between a Cisco VPN client and PAN. I was "inspired" by the globalprotect guide but wasn't enought.

  • At the cisco vpn client side, I had configured just the ip address, the group and pwd, and n
...

robclav by Not applicable
  • 6077 Views
  • 7 replies
  • 0 Likes

Static route on Management Interface

Hi all,

how can I define an additional static route on the Management Interface?

I have a setup with a customer were the communication from the management interface to two specific IP addresses has to be routed over another next-hop which is not the de

...

Resolved! TAP Mode and IPv6

Hello Everyone,

Is it possible to monitor mirrored IPv6 traffic in TAP mode?  I have a PA-500 and it has been enabled for IPv6 firewalling.  Apart from checking this option, is there anything else that has to be done to monitor IPv6 traffic?  If it is

...

Resolved! External CA Management Certificate

Hello

Is it possible to use an external certificate from our corporate CA for the SSL Management Interface of the firewall?

I have already Imported it, and the corporate root certificate, but I don't know how to change the management interface configur

...

Resolved! Combining policies from different virtual systems

So we are migrating from ASAs to PA 5050's.  We are trying to do it with as little interruption as possible so what we did is put the PAs inline behind the ASAs using vwire.  Our thought is to build our 4 environments as separate virtual systems in o

...

Brinkman by Not applicable
  • 1888 Views
  • 1 replies
  • 1 Likes

Resolved! Firewall Configuration Essentials 101 Exam Retake Help

The end of last year I took the Firewall Configuration Essentials 101 v.4.1 exam. I didn't pass so I've spent some time studying and playing with Palo Altos. I returned to retake the exam and it doesn't show up under pending evaluations and I request

...

  • 23699 Posts
  • 110 Subscriptions
Top Solution Authors
Labels