General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Adding IP's on Policies on panorama

Hi All, Needing your suggestions i'm adding a list of ip addresses on policy that I created on branch and when I push it I got an error on NAT ISP 1, NAT is not a problem I knw because everything is working correctly. I notice that this has been added on dublin site so what I mean is there is a policy on dublin site then there is policy on bra...

weezy by L3 Networker
  • 1998 Views
  • 2 replies
  • 0 Likes

Layer 3 sub interfaces on Hyper-V

Hi all, I am trying to get Palo Alto VM series (10.2.3) to work with layer 3 sub interfaces on Hyper-V (2022).I configured interface/subinterface from the documentation (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRkCAK)I also tried it with removing the ip.adr 192.168.4.252/24I also tried setting the vSwitch to tr...

pa_subinterface.png

Resolved! Implementing Applications Over Services

We recently completed a migration and I am in clean up mode. I would like to utilize applications but we do some no decryptions exceptions rules that bypass decryption. I am concerned that without decrypting, the rule will break and traffic won't flow. What is a safe way to begin transitioning from services to applications?

Access PA-440 MGMT Interface via Cisco Switch

Hi Guys, I am working with below scenario and would like some help. As shown in diagram: A cisco switch IE3400 is connected with PA-440 with trunk connection and also one of the interface of switch is connected to MGMT port of PA-440. There are multiple VLANs in the network but I showed only the relevant in this case. Cisco Switch has Vlan 10...

Janmejay_Dave_1-1687412475430.png

Ensuring Accuracy: Introducing the Audit Date Stamp on LIVEcommunity

LIVEcommunity recently introduced a new feature to help you know when content has been reviewed for accuracy: the Audit Date Stamp. With this latest enhancement, you can now easily identify when an article has been audited, confirming that the information is current, screenshots are up-to-date, and any solutions or use cases function as expec...

JayGolf_0-1686676207668.jpeg
JayGolf by Community Team Member
  • 1812 Views
  • 1 replies
  • 1 Likes

Resolved! Packet drop in the Firewall

Recently, we did a Migration activity, From the Juniper SRX to Palo Alto. After successful Migration, we can notice that one drop over the PA firewall.We did troubleshooting from our end and in the global counter can see below error with drops flow_fpga_ingress_exception_err 1865 19 drop flow offload Packets dropped: receive ingres...

Traffic redirects to captive portal

We currently have a policy in place that allows all HTTP and HTTPS traffic from a test server (Trust) with a static IP address to reach untrusted networks. However, when accessing the server from a browser, it automatically redirects to a captive portal and blocks internet access for server applications. The internet was functioning properly on ...

Bijesh by L1 Bithead
  • 2192 Views
  • 1 replies
  • 0 Likes

URL Profile Known Bad Categories

What are the known bad url categories that palo checks is blocked? We currently block all the categories in this document but AI-Ops still flags it. Is there a way to see specifically what its failing? Malicious URL Categories (paloaltonetworks.com)

Claw4609_0-1687291149037.png
Claw4609 by L5 Sessionator
  • 2538 Views
  • 3 replies
  • 0 Likes

Backline support not answering - how to raise a case with Palo Alto directly

We are supposed to have 24 x 7 support through Westcon but have been unable to contact them. Previously when emailing their support an autoresponder would reply with a ticket number. Not even this happens now. The AUS support number rings out. Is it possible to raise a case with Palo Alto directly - we have a VPN issue that must be resolved by...

Replacing Cisco HSRP Pair with Palo in Active Standby - 2x ISP Transit BGP

Hi, Currently we have a pair of Cisco routers each connected to a different ISP with static addresses. We have a public address range 203.x.x.x/24. The inside interfaces of these pair of routers are .2 and .3 of this public address range and the HRSP .1 between them. Currently each router takes the full BGP tables from its connected ISP and ...

Before.jpg
After.jpg
DunkleyG by L0 Member
  • 2259 Views
  • 1 replies
  • 0 Likes

Dectyption Issue

Dear Team! I got a problem with Decryption on some websites. For example admin.microsoft.com. When I try to open this website, the web browser gives me a simple white blank without any content in it. In this case, decryption is on. I saw the error, depending on the certificate chain of trust, and I follow the documentation and imported the missi...

Resolved! Palo Alto cluster questions

1. Palo Alto HA Sync links can be on different networks ? HA1 seems not "The HA1 IP address for both peers must be on the same subnet if they are directly connected or are connected to the same switch." But like to confirm. I saw the gateway configuration for those links. HA2 seems possible, "Use Layer 3 only if the HA2 connection must...

gongya by L3 Networker
  • 2271 Views
  • 2 replies
  • 0 Likes
  • 24400 Posts
  • 123 Subscriptions
Top Solution Authors
Labels