General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Stateful Session rely on interface or Zone

Hi There, Currently, I'm testing redundancy for vWire pair. I have replicated the existing vWire and sub-interface configuration to another couple of interfaces. Now both the vWire pairs have identical configurations including the zone. I anticipated the stateful session to fail when the traffic switched from one vWire pair to another. But whe...

Feature suggestion: better candidate configuration highlighting and testing

These are some suggestions that would help a lot when creating new rules: 1. Highlight modified uncommited policies. You may argue that a user should know what the is chaning, but the problem is multiuser. When a user has a candidate rule, but hasn't applied it, other users cannot tell which rules have been modified. 2. Allow testing of ...

URL Filtering

Good dayI am sure this question is answered somewhere but I somehow cannot locate it, so please be patient as I go through the problem we experience.Our company's US URL is listed as High-Risk when testing it through the URL Filtering website even though we provide a legitimate service and product across the world. I did change the category in h...

Restoring Palo Alto from AWS snapshot - interfaces etc

Apologies if this is a basic question but first time I do this maybe in a real production environment and I have no prior experience. Does anyone have an example of restoring Palo Alto in AWS (from a snapshot)? Where could things go wrong in the restore process for example interface issues. If anyone has experience please let me know.

ChatGPT Access

Hi Team, Users are trying to access ChatGPT and getting error, but we have allowed teh ChatGPT APP-ID and still the same. Not even seeing any error at all. What is the best way to fix it? Regards, Sanjay S

NAT traffic from DMZ to another zone

Hallo Everyone, I am using PA-220 let’s call PaloAlto-Firewall “X” Office Firewall “Y” Other firewall “Z” Firewall X has 8 Interfaces. Interface 1/1: has the IP-Addressee 192.168.5.254. we assigned this Interface to a Zone Called "DMZ". When this firewall and this Interfaces want to communicate with our office Network it send the traffic to fire...

MRahaman by L0 Member
  • 2155 Views
  • 1 replies
  • 0 Likes

Resolved! Broken email notifications formatting in version 11.0.1

Hi all I noticed that email notifications in ver 11.0.1 are kind of broken from the formatting point if view they just look like a blob of text, instead of a decent formatted email in ver 10.2.4 is there a way to fix it? Thank you

broken_email_notifications.png
nevolex by L3 Networker
  • 22840 Views
  • 26 replies
  • 3 Likes

URL category block triggers not logging in Panorama

Hi, I am testing global protect using Prisma Access - Panorama managed.. On panoroma - i have a mobile user security rule applied with a custom URL filtering profile enabled where I have set the action to block for some of the newer URL categories introduced by PAN in recent times.. ie 'ransomware', 'scanning-activity' and 'command and control'....

PA_nts by L4 Transporter
  • 986 Views
  • 1 replies
  • 0 Likes

Resolved! anyone notice issues with HA pair synchronization with panos 10.1?

so our organization recently upgraded our firewalls from PANOS 9.1 to 10.1. ever since the upgrade, we've had an issue with HA pairs not synchronizing their configs automatically. this does not seem to happen every time a commit is pushed from PAN but it happens regularly enough that we have to manually sync at least one pair weekly. is this som...

pan-os-python Panorama set_ha_peers() method not working

The document I'm referring to - https://pan-os-python.readthedocs.io/en/latest/howto.html > High Availability Pairs I've been working with the pan-os-python SDK, specifically with a Panorama High Availability (HA) pair. I'm following the documentation that guides on using specific methods with 'firewall pairs'. The primary advantage, as des...

vsurresh by L1 Bithead
  • 1915 Views
  • 1 replies
  • 0 Likes

How to Configure IPSec VPN Tunnel when a peer is behind a router without a static public IP

EnvironmentPaloAlto Next-Gen FirewallIPSec VPN TunnelTopologyPA1 ----- Router ----- PA2 Public IP of PA1 : 10.50.50.50Public IP of Router : Dynamic IPInternal IP of Router : 10.20.20.1Private IP of PA2 : 10.20.20.20 PA2 Private IP is natted by Router with Dynamic IP of Router itself 10.20.20.1 is the Default Gateway of PA2. This is my IKE Ga...

Iandrea by L0 Member
  • 2701 Views
  • 1 replies
  • 0 Likes

Resolved! IPV6 how to protect the hosts

Hi everyone, I learn the palo alto firewalls as I configure them. I have a PA firewall with 3 vlans, with management allowed over main vlan. My ISP provided the Ipv6/48 block and I have manage to redistribute it over the networks it works great. However considering eveyr ipv6 address is routable and I naturally have no NAT means that the dev...

nevolex by L3 Networker
  • 2513 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels