General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

FAIL TO PARSE SECURITY POLICIE

Hi guys

I`m having a big problem


When i try to commit my security policies show this erro.

Details:
· Error: Failed to find address '10.2.69.100 '

· Error: Unknown address '10.2.69.100 '

· Error: Failed to parse security policy

· (Module: device)

· Commit f

...

Thiago by L3 Networker
  • 3317 Views
  • 1 replies
  • 0 Likes

Resolved! Layer 3 Interface Trunk Configuration

Hi,

I am a new Palo Alto firewall user, however I have been working with firewalls for some time.  I have a couple of quick questions;

1) Does the Palo Alto PAN-OS firewall have equivalent of the "shut"  or "no shut" command to turn an interface on or

...

dsulli99 by Not applicable
  • 7813 Views
  • 2 replies
  • 0 Likes

Adding multiple IPs to external interface

I am interested in adding all of the IPs from a range like x.y.z.40/28 to the external interface of the PAN.

The verbiage on the GUI makes it sound as if I need to add each IP individually.

Can I add a range as listed above by entering it as  x.y.z.40/

...

BobW by L4 Transporter
  • 3204 Views
  • 1 replies
  • 0 Likes

Resolved! URL logging without URL Filtering license

We are trying to log all URLs without having a URL Filtering license

For that we created a custom URL category containing

*.*

*.*.*

Seemed to work but when we compared the amount of log entries to the proxy logs we discovered that we only see less than h

...

AndreasB by L2 Linker
  • 2820 Views
  • 1 replies
  • 0 Likes

CLI cmd to show system log

I'm trying to use the CLI to get a list of SSLVPN logins, but keep getting either "sytnax error at end of input" or "syntax error at AND" errors. what i've attempted so far is variation on:

show log system subtype equal sslvpn object equal "Test SSL-V

...

u11756 by Not applicable
  • 17789 Views
  • 1 replies
  • 0 Likes

ThreatLog forwarding doesnt work

Hi All,

I have configured the PaloAlto to email me threatn  logs for medium , high and critical alerts, but it seems to email me only medium threat alerts, how do i fix this 

Please find attached my log forwarding profile.

My email profile is configure

...

Combining NAT rules?

Whil my NAT rules are working fine I get the feeling I am missing something with net rules.  I have an external ip which needs three ports forward to separate internal server:  port 7000 goes to port 3389 on 192.168.1.1, port 7001 goes to port 389 on

...

BobW by L4 Transporter
  • 1459 Views
  • 1 replies
  • 0 Likes

Asymmetric routing

Does anyone else have a multi-site network with asymmetric routing?  I'm having some issues getting from site to site.

Here's what's going on:

We have two datacenters -- one for the eastern US, the other for the western US.  Each datacenter has a PA-20

...

nwallette by Not applicable
  • 6727 Views
  • 5 replies
  • 0 Likes

PA500 Configuring a Static Routing Question?

Hello all.

I have a fairly easy deployment - a set of PA500s with internal trusted and external trusted zones. On the inside, they are currently connected to a router hsrp pair and on the outside pointing to another brand FW. I have only a handful of

...

dudesdad by Not applicable
  • 2370 Views
  • 2 replies
  • 0 Likes

Source NAT confusion

I am trying to provide for some 1-to-1 NAT on our PAN, which I thought we be an easy task.  However, my configuration insist on using the interface IP address for outbound connections.  Here is my setup.

Untrusted Network Interface IP: x.x.x.10/29

Trus

...

cdpadmin by Not applicable
  • 3218 Views
  • 5 replies
  • 0 Likes

PA-5020 4.1.5 issue

Hello,

Anyone else experienced any issues when upgrading to version 4.1.5?

We have done one upgrade to 4.1.5 and the PA-5020 just goes into a reboot cycle.

After doing the initial commit the firewall reboots and the cycle repeats.

Doing a factory reset f

...

  • 23591 Posts
  • 103 Subscriptions
Top Solution Authors
Top Liked Authors
Labels