General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Failed to delete certificate - Invalid Location / Permission Denied

Hardware: PA220 Version: 10.1.5-h1 I'm trying to use a certificate that appears to be having issues. I first noticed the issue when I attempted to create a certificate profile using a trust root CA. When I try to create the profile, it fails to create and has error message "CA -> *CA NAME* is invalid -> CA is invalid". I then went to e...

Resolved! Adding IP's on Policies on panorama

Hi All, Needing your suggestions i'm adding a list of ip addresses on policy that I created on branch and when I push it I got an error on NAT ISP 1, NAT is not a problem I knw because everything is working correctly. I notice that this has been added on dublin site so what I mean is there is a policy on dublin site then there is policy on bra...

weezy by L3 Networker
  • 1999 Views
  • 2 replies
  • 0 Likes

Layer 3 sub interfaces on Hyper-V

Hi all, I am trying to get Palo Alto VM series (10.2.3) to work with layer 3 sub interfaces on Hyper-V (2022).I configured interface/subinterface from the documentation (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRkCAK)I also tried it with removing the ip.adr 192.168.4.252/24I also tried setting the vSwitch to tr...

pa_subinterface.png

Resolved! Implementing Applications Over Services

We recently completed a migration and I am in clean up mode. I would like to utilize applications but we do some no decryptions exceptions rules that bypass decryption. I am concerned that without decrypting, the rule will break and traffic won't flow. What is a safe way to begin transitioning from services to applications?

Access PA-440 MGMT Interface via Cisco Switch

Hi Guys, I am working with below scenario and would like some help. As shown in diagram: A cisco switch IE3400 is connected with PA-440 with trunk connection and also one of the interface of switch is connected to MGMT port of PA-440. There are multiple VLANs in the network but I showed only the relevant in this case. Cisco Switch has Vlan 10...

Janmejay_Dave_1-1687412475430.png

Ensuring Accuracy: Introducing the Audit Date Stamp on LIVEcommunity

LIVEcommunity recently introduced a new feature to help you know when content has been reviewed for accuracy: the Audit Date Stamp. With this latest enhancement, you can now easily identify when an article has been audited, confirming that the information is current, screenshots are up-to-date, and any solutions or use cases function as expec...

JayGolf_0-1686676207668.jpeg
JayGolf by Community Team Member
  • 1813 Views
  • 1 replies
  • 1 Likes

Resolved! Packet drop in the Firewall

Recently, we did a Migration activity, From the Juniper SRX to Palo Alto. After successful Migration, we can notice that one drop over the PA firewall.We did troubleshooting from our end and in the global counter can see below error with drops flow_fpga_ingress_exception_err 1865 19 drop flow offload Packets dropped: receive ingres...

Traffic redirects to captive portal

We currently have a policy in place that allows all HTTP and HTTPS traffic from a test server (Trust) with a static IP address to reach untrusted networks. However, when accessing the server from a browser, it automatically redirects to a captive portal and blocks internet access for server applications. The internet was functioning properly on ...

Bijesh by L1 Bithead
  • 2192 Views
  • 1 replies
  • 0 Likes

URL Profile Known Bad Categories

What are the known bad url categories that palo checks is blocked? We currently block all the categories in this document but AI-Ops still flags it. Is there a way to see specifically what its failing? Malicious URL Categories (paloaltonetworks.com)

Claw4609_0-1687291149037.png
Claw4609 by L5 Sessionator
  • 2539 Views
  • 3 replies
  • 0 Likes

Backline support not answering - how to raise a case with Palo Alto directly

We are supposed to have 24 x 7 support through Westcon but have been unable to contact them. Previously when emailing their support an autoresponder would reply with a ticket number. Not even this happens now. The AUS support number rings out. Is it possible to raise a case with Palo Alto directly - we have a VPN issue that must be resolved by...

Replacing Cisco HSRP Pair with Palo in Active Standby - 2x ISP Transit BGP

Hi, Currently we have a pair of Cisco routers each connected to a different ISP with static addresses. We have a public address range 203.x.x.x/24. The inside interfaces of these pair of routers are .2 and .3 of this public address range and the HRSP .1 between them. Currently each router takes the full BGP tables from its connected ISP and ...

Before.jpg
After.jpg
DunkleyG by L0 Member
  • 2261 Views
  • 1 replies
  • 0 Likes

Dectyption Issue

Dear Team! I got a problem with Decryption on some websites. For example admin.microsoft.com. When I try to open this website, the web browser gives me a simple white blank without any content in it. In this case, decryption is on. I saw the error, depending on the certificate chain of trust, and I follow the documentation and imported the missi...

  • 24401 Posts
  • 123 Subscriptions
Top Solution Authors
Labels