General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2948 Views
  • 2 replies
  • 14 Likes

Resolved! IPSec VPN tunnel no longer working

Hello guys

We have a few VPN tunnels between our PA-2050 (in HA cluster) and some WatchGuard firewalls (different models). We migrated these tunnels to the PA-2050 a few weeks ago and they ran stable. Now suddenly two of 10 tunnels are down and we don

...

oschuler by L4 Transporter
  • 12029 Views
  • 18 replies
  • 0 Likes

Resolved! Internal route problem

Had a question about internal routing.

We have eth port assigned to a trust network which is a 192.168 network.  We also have a Avaya VoIP PBX that is vLan'd on this network and the routing is managed on an internal core switch to access this network.

...

cmateam by L3 Networker
  • 3228 Views
  • 3 replies
  • 0 Likes

VWire

I have configure a 2050 in a vwire configuration can I still utilize layer3 on the device.  From what I have been reading if I configure PAN device for vwire then the device cannot due any layer3 funcationality.

snormoyle by Not applicable
  • 1738 Views
  • 2 replies
  • 0 Likes

SMTP traffic mis-classified as FTP ?

The other day we discovered that our SMTP server was unable to send email to the silvacom.com domain.

The problem was traced to our PAN rule which allows only SMTP traffic to eminate from our email server, on the application-default port. All attempts

...

KGC by L3 Networker
  • 2823 Views
  • 3 replies
  • 0 Likes

SSL-decryption slow

Hello,

So I have tested SSL decryption today, and I made it work. But for some reason some of the webpages that are being decrypted are extremely slow. Facebook and even support.paloaltonetworks.com are two of them.

I exported a CA certificate from our

...

MS Lync (and associated traffic)

Hi,

I am looking to get Microsoft Lync working but not having much luck. Despite setting up the applications (stun, ms-lync-base/audio/video etc) I can't get my laptop to connect to another Lync user (i.e. from LAN to Internet). I am wondering whethe

...

Conde01 by L1 Bithead
  • 2053 Views
  • 0 replies
  • 0 Likes

User-ID issues with multiple domain controllers

Hi,

I have a few questions about how the user-id works that I have been unable to solve.

We are currently rolling out a lot of virtual systems to our customers in a MSSP environment and as you can imagine coming across some strange server setups.  This

...

bjackson by L2 Linker
  • 3723 Views
  • 1 replies
  • 0 Likes

default action = alert?

In browsing through the default actions for vulnerabilities, spyware and AV I see that the a lot of the actions for HIGH and CRITICAL severity events is just Alert.  I expected a lot more blocking, dropping, and resetting.   (half of High and >10% of

...

schaleg2 by L0 Member
  • 2037 Views
  • 1 replies
  • 0 Likes

Resolved! PA dropping packets on their return path

Hi

I have a simple L3 setup.

E1/1 connected to a router (default gateway to the internet). IP 192.168.119.2, untagged Zone VLAN1

E1/2.2 connected to a switch (VLAN 2 tagged). IP 10.2.2.1 (default gateway for the 10.2.2.0/24 network), Zone VLAN2

I have a

...

u13550 by L3 Networker
  • 7191 Views
  • 5 replies
  • 1 Likes

PAN filtering ssh public key auth?

Hi

I have a host which I can access without password with ssh by public key.

This works fine, but as soon as the traffic goes over a PAN (500), I get asked for the password.

Is the PA500 doing anything special here that I'm not aware of?

Thanks

u13550 by L3 Networker
  • 1800 Views
  • 2 replies
  • 0 Likes

disable SSL renegotiation

Is there a way to disable SSL renegotiation at firewall level ?

Disabling it server side ( Microsoft Security Advisory: Vulnerability in TLS/SSL could allow spoofing ) breaks activeSync. I'd like to test a different scenario to get rid of the many fal

...

dieter_b by L4 Transporter
  • 2955 Views
  • 1 replies
  • 0 Likes

Default rule - tcp reset/icmp host unreachable

Hello All,

Maybe it's there, in a doc, but I cannot find it...

Suppose I have tiered architecture.

And suppose developer breaks his code and want's to connect to other security zone or to the outside world buth should not, and I want his application to

...

Accessing brightcloud.com returns block page

We are sometimes getting a block page when accessing brightcloud.com to report a site. The category returned is 'malware-sites'. The logs show that 'service.brightcloud.com' is correct, but 'brightcloud.com/support/lookup.php' and 'brightcloud.com/su

...

cloughr by L2 Linker
  • 2705 Views
  • 3 replies
  • 0 Likes
  • 24033 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors