General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 14527 Views
  • 1 replies
  • 4 Likes

Detect ipsec vpn tunnel down with remote palo alto peer

 

 PA5020/PAN-OS 7.1.10

 

 I am trying to develop a NAGIOS check to get an alert , when a vpn tunnel between PA's at different locations

is down. So far I have been looking at the ifup-status of the corresponding tunnel interface at the local firewall. I

...

Unable to connect to pool.ntp.org

Hi

I have a problem with the NTP sync. When i make a "show ntp"

 

NTP state:
NTP not synched, using local clock
NTP server: asia.pool.ntp.org
status: rejected
reachable: no
authentication-type: none
NTP server: pool.ntp.org
status: rejected
reachable: no
authent

...

shared folder in clientless VPN

Dears,

 

Is it possible to configure the shared folder in clientless VPN?

Example:- I have one file server and i want to give access to users via clientless VPN. please share any documents for configuration.

Minemeld client cert error

I am trying to use Minemeld for indicator sharing and am receiving and error that says "client cert required and not set, polling closed". Where and how do I upload the cert? Do I have to insert it somewhere in the config? Any help would be appreciat

...

Resolved! Active Active BGP AS Number

Have a Active/Active spit data center solution and question has been brought up if it is possible to use different AS numbers on each of the Palo's. My thinking is why have Active/Active, just use each Palo as a separate individual firewall at each D

...

syslog-ng 3.5.4.1 failure on boot

Hi, We have integrated syslog-ng 3.5.4.1 on a client machine which sends logs to server which is running syslog-ng 3.16.1, some times, I see below error at the boot up of our target

syslog-ng[1762]: Error opening control socket, bind() failed; socket=

...

User100 by L0 Member
  • 669 Views
  • 1 replies
  • 0 Likes

Resolved! SSL Decrypt does NOT work with TLS 1.1 or TLS 1.2

Hello,

I'm running a cluster of PA (4.0.8) with SSL Decryption configured.

SSL Decryption is not able to decrypt SSL traffic if the HTTPS session is using TLS 1.1 or TLS 1.2.

Test with www.gmail.com   

Chrome : OK (see gmail application in the traffic l

...

licenselu by L4 Transporter
  • 8910 Views
  • 21 replies
  • 0 Likes

Palo Alto PA-3020 Won't Boot

I have a Palo Alto PA-3020 that I got from work a few months back, it was pulled in working condition a few weeks ago, but when I power the unit on the power LED lights up and the fans spin, but no other lights are on. I tried connecting to the unit

...

Resolved! SSL Decryption and Security profiles

Hi 

 

I have a question . Currently PA 3020 cluster  we don't have ssl decryption enabled . We plan to do it in March

 

However , if we enable all other security features like AV,Antispyware File blocking , Vulnerabilty Protection , Wildfire  etc , it wo

...

add new local log collector in collector group

We are using standalone M-200 for 5 locations firewall and created collector group with single local log collector of M200.

 

We are deploying our new M-200 at another location and it will be in HA with our existing M-200.

This new M-200 will be Active-

...

Deepak_K by L3 Networker
  • 461 Views
  • 1 replies
  • 0 Likes

Layer 2 sub interface with vlan is not working

Hi all,

 

I am trying to configure palto interface in layer 2 mode as trunk and Vlan interface as SVI.

 

Interface             interface type             IP address              Tag                Vlan         Sucurity zone

ethernet 1/10      layer2     

...

Resolved! IpSec Tunnel Up but not passing traffic

Hi all,

 

I have "Inhand Ir611" Industrial Cellular Router and Palo Alto in office. I have configured Inhand router and i have reach to internet. Than i setup Ipsec Tunnels to my Office Palo Alto.

 

Everything looking good after configuration and restart

...

Lacrymae by L1 Bithead
  • 2097 Views
  • 3 replies
  • 0 Likes

alert action or default(alert) - No logs seen

Hello ,

 

I have created an Antivirus Profile

 

The action i have set is Alert  and not default(alert)   . Similarly  Wildfire Action in AV profile is also "Alert"  

 

However when i see Threat Logs and filter by ( subtype eq virus ); i cant see any log

 

I

...

Resolved! Query for DNS Security

Hello,

 

In anti-spyware Palo Alto DNS security option, the default action was already on alert.

We don't have DNS Security License.

1. What should be the default action which I keep? Should I keep on alert or sinkhole?

2. If I keep the action on sinkhole

...

Top Liked Authors