General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Firewallupdates via Panorama - huge delay in download and install

Hello, I'm managing several PA firewalls (10.2.2, 10.2.3, 10.2.4-h2) via Panorama (10.2.4-h2), I noticed a delay in AV, Content and App update deployment, sometimes it's days or even weeks. For example, the App update is planned to check and install every 30 mins. Release time is 3:30 in the morning, now it's 6:40 am here and the downlo...

PA-U1.png
PA-U2.png
PA-U3.png
Netzer by L3 Networker
  • 2351 Views
  • 2 replies
  • 0 Likes

Resolved! ECMP Virtual Router Inquiry

Good day, I have an inquiry regarding virtual router. We are transferring our ISP from vsys2 to vsys1. So, we encountered a message while in the ECMP configuration that requires for the Virtual Router to be restarted. So, here's my questions, what services might be affected once we restart the VR and for how long does the restart will take? A...

Problms with VPN Global Protect

Good morning, I currently use a reduced version of Global Protect VPN, every time I start the program it asks me to update, but for company reasons I shouldn't. The version I'm using doesn't have as many menus and there's no part to remove the update checkbox. Could someone tell me if it's possible with some registry configuration or something s...

Resolved! verify data traffic

I suspect my pair of pa3020s stopped passing data for a couple of minutes. How do i check? They're running panos 9.1.13-h3

kcheng by L0 Member
  • 1949 Views
  • 2 replies
  • 0 Likes

MOST COMMON ERROR MESSAGES

In your experience, what are the most common mistakes you have had when implementing Cortex XDR in a company?, enable ports, basic configuration, etc. Cortex XDR

Resolved! Understanding Static NAT

Hi All, When it comes to Static NAT it will be one to one NAT in vendors like Checkpoint and Cisco ASA. I am bit confused with the NAT configuration in Palo Alto. Went through config guide and examples of NAT as well but still confused. We have a scenario as below. We have 3 zones - WAN, LAN and DMZ. Users want to reach DMZ interface from WAN an...

Resolved! Can log in PAN OS VM

I get this error when i try and log in OZ3-06-05 06 : 11.0Z5 -0700 Error :sysd_construct_sync_importer(sysd_sync .c : 360): sysd_sync_register() failed: (111) Unknown

mzedalis by L0 Member
  • 2934 Views
  • 1 replies
  • 0 Likes

file blocking profile not working for SFTP

Hii we are trying to access our internal storage using SFTP from internet. after applying file blocking profile we are able to access mentioned files but firewall not restrict the file. we found that file blocking is not happening. Please advise how to block files when using SFTP.

Resolved! unknown command during SSH script

by testing a ssh skript i get an "unknown command" error from the CLI user@host:~/> cat reset.sh ssh -t -t fw.domain.de << EOF set cli pager off show user ip-user-mapping all type CP debug user-id reset captive-portal ip-address 1.2.3.4 quit EOF user@host:~/> ./reset.sh Last login: Fri Jun 2 23:05:16 2023 from 10.10.10.11 set ...

mhuels by L3 Networker
  • 2743 Views
  • 1 replies
  • 0 Likes

Resolved! Running Security LifeCycle Review SLR for a NGFW

Hi All, I have access to the PA HUB and want to run a SLR review for a client's NGFW (i have a statsdump file) however it is asking me to activate this service and requires a cortex data lake instance of which i don't have one, is this still doable? also if i do activate - what does it entail if i want to run future SLRs for potentially other cl...

Ants by L1 Bithead
  • 3370 Views
  • 2 replies
  • 0 Likes

Certificates not appearing in XML running configuration

Dear colleagues, I am having trouble with the custom Nagios plugin check_paloalto, specifically with the "certificates" check. The rest of the checks are working fine. Basically, the "certificates" check leverages the API calls and parse the XML running configuration file to find the certificates. The issue is that my firewalls (which are ma...

GGarolla by L1 Bithead
  • 2297 Views
  • 2 replies
  • 0 Likes

Resolved! Unable to access bing copilot (Bing AI Chat) from Prisma Access Remote Network

Recently Microsoft launched the new AI powered Bing search engine with the integration of chatGPT and Edge browser. There is some issue with the Prisma Access and chatGPT and users are unable to access it from the RN and as well as from the Prisma Access VPN. This post describes how to access the Bing copilot from the remote network. If you ha...

Screenshot 2023-06-03 015800.png
Screenshot 2023-06-03 021843.png
taison by L0 Member
  • 7996 Views
  • 1 replies
  • 3 Likes

Resolved! Best practice for Active/Passive HA and OSPF

I configured Active/Passive HA in an environment where the firewalls connect to a core switch. There is an OSPF adjacency exists between the active Palo and the core switch. I'm curious what the best practice is for OSPF and HA. When tweaking the OSPF settings on the Palo, disabling OSPF graceful reset/strict LSA checking led to a vastly quicker...

inssider by L1 Bithead
  • 11074 Views
  • 2 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels