General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 257 Views
  • 0 replies
  • 1 Likes

OSPF Resets

While doing some testing on a PA pair at a new site, I noticed that at least one type of configuration change would apparently cause OSPF to reset and lose all of the routes out of the site. Specifically, I was enabling and disabling IPv6 on interfac

...

cosx by L2 Linker
  • 1562 Views
  • 1 replies
  • 0 Likes

Poor Man's HA

Greetings,

We have a single PA-500 which we will be putting guest (non-critical) internet traffic behind.  Currntly it is patched in as such:

eth1/1: L3 - Trusted

eth1/2: L3 - Untrusted

Is there anyway to leverage HA between interfaces on the same device

...

mrsold by Not applicable
  • 2521 Views
  • 4 replies
  • 0 Likes

NetConnect OS support

When will NetConnect support Linux/Unix and Ipad?  Am I correct that currently Netconnect only supports:

Windows 7 32-bit

Windows 7 64Bit

MacOS 10.5 32-bit

MacOS 10.6 32-bit??

general problems

hi,

we cant use automated updates since Nov 24th .when i try to update from dynamic updates it gives this error. ”Failed to check content upgrade info due to generic communication error. Please try again later”.

when i try to update from file it lo

...

blueteam by Not applicable
  • 4290 Views
  • 7 replies
  • 0 Likes

HTTPS apps identified without decryption

Hi all,

in my configuration I have neither SSL Decryption implemented nor URL Filtering. I only have 1 policy: "trust to untrst accept all" in Vwire. PANOS 4.0.2

If, from my PC behind PAN device, I try to go to: _https://www.facebook.com_

PAN device sho

...

Config file

hello everyone,

good day to you.

have a little question... its it possible to upload a config file generated from a pa-2020 then upload it on a pa-2050 ?

regards,

bp

Packet Drops under 3.1.8 / 3.1.9?

This is more of an FYI than a question. I want to share what my company is going through so we can all learn from each other.

We monitor our network by sending out pings every 500ms. We have multiple ping sources going to scores of endpoints. Then, we

...

markjx by Not applicable
  • 2827 Views
  • 2 replies
  • 0 Likes

Resolved! DHCP Option - Is it possible?

I know that the DHCP service offered on the Palo Alto firewalls is quite limited but I wondered if anyone has had any success in setting up specific DHCP options?

We have a requirement to set DHCP options 66 and 67 for PXE boot - this is possible on m

...

Problem with ipsec vpn session

Hi

I hope that someone can bring some insight in to this problem.

The situation is this:

Two out of seven configured ipsec tunnels are having some kind of connection issue. Our monitoring system will notify me that the VPN connection is down. I have the

...

admin3r by Not applicable
  • 8267 Views
  • 9 replies
  • 0 Likes

Is there a limit on the icmp pakets size?

Hello,

We try to make ping throw a PAN-4020 device, whene we try with a 1023 byte pakets it works, but wehen we try with a 1024 byte pakets this is rejected by the PAN. Is there any limit on the icmp paket size?

Also, whene we activate the jumbo frame

...

asia by L3 Networker
  • 2265 Views
  • 1 replies
  • 0 Likes

vwire loop into tap port for QoS demo

Guys,

To show QoS, when running a PoC using out of band traffic, will connecting a tap port via the factory v-wire interfaces work?

So out of switch mirroring traffic, into trust vwire->untrust vwire->tap ?

Thoughts?

KatanaNZ by L3 Networker
  • 3420 Views
  • 5 replies
  • 0 Likes

why would i see traffic on a standby HA PA2020?

Hi,

We've just had a couple of PA2020s installed in an Active-Passive HA configuration, running v3.1.7, and I'm trying to diagnose an FTP problem which may or may not be related to the installation. One thing I have discovered is that we're seeing a s

...

FIPS mode algorithm decryption?

The FIPS Mode notes state:

"Non-FIPS approved algorithms are not decrypted and are thus ignored during decryption"

Can someone clearify what exactly this applies to, and what is not decrypted?

KatanaNZ by L3 Networker
  • 3437 Views
  • 4 replies
  • 0 Likes
  • 23628 Posts
  • 107 Subscriptions
Top Liked Authors
Labels