General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Prisma direct access to Azure

Hello, I connect from home via Prisma to on-prem. I have a few domain controllers setup for pre-logon etc. - what if my domain controllers were all offline or the firewall was offline - can i have a domain controller in Azure I have setup a site to site VPN from Azure to my firewall and can copy data across but dont know yet how to get my Pris...

ohareka by L1 Bithead
  • 3394 Views
  • 3 replies
  • 0 Likes

Resolved! what does "SWITCH" in hardware architecture mean?

One of my customers is using PA-3020 and thinking about replace. When I comparing following diagrams, I have one question. PA-3020 has dedicated "signature matching", "security processing", and "network processing" as below Compare to above, PA-400 has ONE dedicated processor with 3 features included. PA-3200 has THREE dedicated processo...

Image 004.png
Image 003.png
Image 001.png
Image 002.png
emr_1 by L6 Presenter
  • 7603 Views
  • 3 replies
  • 2 Likes

PA850 10.0.8-h2 upgrade to latest

Hello, We have a customer with PA-850 running 10.0.8-h2 and they want to upgrade to latest. As this firewall is placed in totally isolated environment and the customer wont allow to connect internet on firewall. This firewall is in HA peer mode. Any guidelines to upgrade to latest OS for PA 850 as offline mode? Thanks in advanced

Resolved! Active / Active HA IPsec tunnel setup.

Hi, We have an Active/ Active firewall between 2 datacenters. We have configured a single tunnel on a floating IP that is Active in Datacenter A to a remote Partner. Firewall in DC A is currently in Active Secondary State, Firewall in DC B is currently in Active Primary state. The tunnel has both phases up on the firewall in DC A and only t...

zGomez_1-1681909533187.png
zGomez by L3 Networker
  • 4846 Views
  • 1 replies
  • 0 Likes

how can I stay up to date on the latest security trends and vulnerabilities to better protect my network?

Hi everyone, I'm new to network security and I'm wondering how I can stay informed about the latest security trends and vulnerabilities to better protect my network. Are there any particular resources you recommend, such as security newsletters, blogs, or online communities? Additionally, are there any best practices you would suggest for stayin...

gabriell by L0 Member
  • 1494 Views
  • 1 replies
  • 0 Likes

SYSTEM ALERT : critical : Out of memory condition detected, kill process 8000

We have two HA pair PA 5060 fw on PAN OS version 8.1.23, wherein the system logs, we see below OOM issue. Device up time is 352 days. SYSTEM ALERT : critical : Out of memory condition detected, kill process 8000 We have checked in the preferred releases for 8.1.* we don't see any publicly documented addressed OOM issues. We do see some i...

Enquiry regarding Palo Alto Firewall Model: PA-3250

Hi Palo Alto support, I would like to enquire the following questions pertaining our existing firewall. If our Palo Alto fw fails in the OS layer, does the traffic still passes through? If our Palo Alto fw fails in the hardware layer, does the traffic still passes through? When our Palo Alto fw boots up, deos the OS layer comes up first or et...

Resolved! Multiple Global Protect gateways on same firewall

I have a PA-3020 that will have two ISP connections. Primary ISP interface will be used for the Global Protect Portal and Primary Gateway using tunnel.1. Is it possible to have a second gateway using tunnel.2 on the same firewall using the secondary ISP interface? Also, if the Portal is only on the primary ISP interface and that connection is...

DNS Signature Lookup Timeout Error

I'm seeing quite a lot of messages logged in the syslog output from my PA VM-100 running PAN-OS 10.0.0: Aug 19 07:31:29 firewall-1 1,2020/08/19 07:31:29,007051000047085,SYSTEM,general,2560,2020/08/19 07:31:29,,general,,0,0,general,medium,"DNS signature lookup timed out",1461969,0x0,0,0,0,0,,firewall-1,0,0,1970-01-01T10:00:00.000+10:00What exactl...

Resolved! Wildfire-Content

Hi Guys, On Panorama - Device Deployment - Dynamic Updates, I see WildFire-Content and WildFire. Wildfire-Content: there are releases but they have never been downloaded nor installed. Wildfire: the releases downloaded and installed per schedule. On Panorama, what are the difference between Wild-Content and Wildfire? On the NGFW, there...

tinhnho by L3 Networker
  • 2359 Views
  • 2 replies
  • 0 Likes

ASA migration to PA

Hi Team, We want to migrate our firewalls from cisco ASA to Palo Alto. Instead of performing hot cutover, we are thinking the other option by connecting them inline to existing firewalls so that it will just monitor all policy and etc, which will help us to fix any of the configurations so that we can remove the existing firewalls without any ma...

NTP Sync 10.1.6 PA-220

Hi all, I'm getting this NTP status message. I'm quite sure it did initially sync but then reverts to this state. What exactly does "rejected" mean? The NTP server was reachable but has it been knocked back for some reason. NTP state: NTP not synched, using local clock NTP server: xxxx status: rejected reachable: yes authentication-type: n...

CBrookes by L1 Bithead
  • 8406 Views
  • 8 replies
  • 0 Likes

Resolved! NAT'ing subnets - Larger to smaller? Will it work?

I'm moving some rules from an ASA we will be decommissioning at another location to our local PA-5220 for an IPSEC tunnel that we are migrating. The existing rule set on our ASA is NAT'ing our /16 subnet onto a /24 which technically could be an issue but we have few users that use this tunnel so it isn't an issue and they could come from a numbe...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels