General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Panorama Upgrade

Hi Team, I am setting up a new Panorama. Where not even created the Device Groups and Templates yet. I need to upgrade the Panorama but i am not able to do that. I am able to reach internet but unable to fetch the softwares, is there anything that needs to be done to fetch the softwares? Regards, Sanjay S

Resolved! LACP MAC Movement and Doubts

Dear Folks, First time I'm deploying PAs with LACP active/passive for HA solutions. I have some doubts couldn't get enough information from Internet source. 1. In the event, if one firewall goes down, PC on SW1 goes down, how this mac and arp movement happening? Interestingly when I give show interface on PA's both FW1 & 2 sharin...

Ramakrishnan_3-1702285551757.png

redistribute static routes including next hop as next VR in ospf

we have two VR1. Default :eth1/1 - 10.1.1.0/24 L3_LAN Zoneeth1/2 - 10.1.2.0/24 L3_DMZ zoneeth1/3 - internet 2.New_VRtunnel interface tunnel.1_global protect tunneleth1/4 - Branch Core ------- PA ------------------Branch routerWe want to enable ospf in New_VR . As per requirement DMZ subnet of default VR and GP ip pool should redistribute via ...

Deepak25 by L3 Networker
  • 3674 Views
  • 2 replies
  • 0 Likes

auto commit issues after upgrade to 10.x

Hi, We started to experience auto commit finishing delay on our PA-5220 after the upgrade to 10.x. We have a pair of HA PA-5220 in active/passive mode, we never had an auto commit issue before in previous updates, reboots of the firewalls. We have upgraded numerous times before from 8.x all the way to 10.x. In our recent upgrade to 10.1.x, t...

RREALICA by L2 Linker
  • 22759 Views
  • 14 replies
  • 9 Likes

Upgrade of 5260

Dear Team,I have upgraded PA-5260 from 10.0.12 to 10.1.9-h3 and faced weird, issues after the upgrade the customers monitoring system has generated some errors like this >> "device 'slot-1 data processor' status is 'down' "" we have checked and slot1- dp1 these are up but the error in their monitoring system is still alive, can some one as...

Resolved! VPN Traffic not match configured policy hitting default trust to Untrust

Need some assistance with A S2S VPN - We have configured a Similar tunnel from another site to destination 3rd party peer and it's working. The 2nd site is configured the same as the working one. What I cant figure out is the tunnel is up, both tunnel interfaces are up. The Virtual router has static routes to desti primary with metric of 10 and ...

bobany89_0-1701713992772.png

Manual Gateway Selection in GP

Hi Team, We are unable to select the Gateway manually in GP may i know how to set this up? Users needs to get the option to select the Gateway manually. This is quite urgent please help. Regards, Sanjay S

RFC1006 protocol over TCP

Hi has anyone heard of this protocol, give simple example of how it works AND whether or not it's supported by Palo Alto ?

daz12 by L1 Bithead
  • 1069 Views
  • 1 replies
  • 0 Likes

URL Category rule works on some firewalls but not others

We are using a rule to permit traffic for Cisco licensing using URL Categories. The rule is applied via template, so all of the firewalls get the same rule. The only variable is the source IP/host. This rule works on most of the firewalls (all are PA850) but fails on some. The traffic does not match the rule and is blocked by the default rule.

jwill2 by L2 Linker
  • 1653 Views
  • 3 replies
  • 0 Likes

PA-220s randomly crashing

We are having a large number of our PA-220s randomly crashing. No critical system logs are see shortly before the crash, the device just goes down and they are logs of dataplane starting up like 30 minutes later. Our other models are fine, its only the 220s we are having issues with. We have had a critical TAC ticket for the last few days and it...

Claw4609 by L5 Sessionator
  • 5584 Views
  • 9 replies
  • 0 Likes

Need help! Specific subnet cannot access my internal resource

Hi Team, I just need an advise. I have this setup as attached but I have this mystery that's been bugging me for days now. There is only one subnet which cannot access my internal resource. I ran the filter and global counter and there are specific counters I noticed. Can someone enlighten me on this? Regards, Renz

renzanjo11_0-1701938769587.png

Resolved! PAN_OS 10.0.0 upgrade issue

i am going to upgrade pan-os from 9.1.14-h4—>10.0.0–>10.0.11-h1–>10.1.0–>10.1.6-h6 for my pa 3260 device.But when the Pan-os upgraded to 10.0.0, i waited for two hours and the global protect client can connect the portal and gateway, but it can't access any network include Paloalto host ip, internal network and external network. i...

Resolved! Layer 3 between 2 buildings

Hi everyone, I have 2 buildings; they are about 40 miles apart. I'd like to set up a layer 3 connection (OSPF) between 2 buildings. The fiber connection is provided by the ISP and is ready. I have a couple of questions: Is it a good practice to use virtual wire ports between 2 routers A and B for layer 3? We own all the equipment but not th...

tinhnho_0-1701963726227.png
tinhnho by L3 Networker
  • 2532 Views
  • 3 replies
  • 0 Likes

Resolved! DNS setup best practice

Hi All , I am planning to use FQDN based address for security policy . Any best practice to follow . As we have concern related to FQDN dns cache on firewall . And if we are connecting to cloud ( using hybrid setup) any specific recommendation for that as well . Thanks

deepak12 by L3 Networker
  • 7391 Views
  • 6 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels