General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Two ISP, one IKE-gateway. Loopback as IKE-source, source-nat - session and IKE never actually reset.

What I am trying to achive: I have two ISPs with two different static IPs. I want to create one tunnel to one remote site. Tested with panos version: 9.1.14-h4 Loopback IP: 192.168.99.1/32 inside zone eth1/1 WAN1: 11.11.11.11 outside zone eth1/2 WAN2: 22.22.22.22 outside zone Tunnel IP: 172.16.99.2/30 inside zone Both ISPs have RP-filter str...

Resolved! Dynamic update scheduling question

Hi Everyone, I manage a few firewalls (same model) with a template under Panorama; my firewalls do get Wildfire updated but I'm not sure how often they get updated. On Panorama, I look under Device -Dynamic Updates-'TemplateFWs', I don't see anything schedule/setup for Wildfire (WildFire Schedule: None(Manual)) but when i go to each firewall ...

tinhnho by L3 Networker
  • 2649 Views
  • 2 replies
  • 0 Likes

We Want to Hear From You! LIVEcommunity UX Survey

Hey Everyone! Got a sec? The Live Community Team would love to get feedback on your community experience! If you are interested in giving your feedback and earning a new community badge, please take this short survey before May 15, 2023. Thank you for sharing your unique insights with us! Your feedback is important, not just to our team b...

Screen Shot 2023-05-04 at 10.46.37 AM.png
JayGolf by Community Team Member
  • 1628 Views
  • 0 replies
  • 3 Likes

Resolved! System Log Message "WFRTSIG: Unknown error."

Hey Community, we have a pair of PA-3220 in an active/passive Cluster with panos 10.0.7 and since about 4 weeks we see the following system log entry almost every night around 11pm: WFRTSIG: Unknown error.We see this entries on both devices (active and passiv) but times are different. What I´ve done so far was to rebboot both devices but the log...

API calls to Azure failing

Hi All, We have a setup to turn-on and turn off VPN from Palo VM to Azure (at a specific time daily) but recently the tunnels are not coming up. Seems like the API calls are not being received at the other end. This setup was working before but stopped all of a sudden. VM is on 10.1.4 and I do not see any bugs addressed on the higher version. Wh...

Pras by L4 Transporter
  • 5283 Views
  • 6 replies
  • 0 Likes

Resolved! ztp firewall upgrade a panorama

Hi. So Upgrade ZTP Firewall for Panorama. Panorama OS : 10.2.4 ZTP Firewall OS : 10.1.2 The ztp firewall is not licensed. It was set up by referring to the link, but no update has been made. https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-upgrade/upgrade-panorama/deploy-updates-to-firewalls-log-collectors-and-wildfire-appliances-usi...

qmso475 by L3 Networker
  • 2195 Views
  • 2 replies
  • 0 Likes

GlobalProtect on a Chromebook using HIP check.

Here's something interesting that I'm running into. I have a Chromebook managed by Google Admin Center. I have GP 6.0.6-8 installed on the Chromebook. I am doing a HIP check for Host-Id. The Chromebook connects and the HIP info is verified until the Chromebook is rebooted or logged out of. Then on the next connection attempt the vpn connection i...

rnicic by L0 Member
  • 2719 Views
  • 3 replies
  • 0 Likes

Chromebook using always on, asks to install a certificate.

We are trying to connect our Chromebooks to GlobalProtect using always on. The Chrombooks are managed by The Google Admin Console. We are pushing the certificate as described by google. On connect GP askes to install a certificate. If I cancel then it says the cert in not found or invalid. If I try to install a cert there is not anything on the ...

rnicic by L0 Member
  • 2209 Views
  • 1 replies
  • 0 Likes

Resolved! PA-450 PAN-OS Sofware missing from Updates > Software Updates

Hi We have 4 PA-450 that are new out of the box and we need to upgrade the software on them to a newer realease. When i login to the support portal and look under Updates i dont find anything related to PA-450 under the content type to select from? If there a way to get a copy of a specific release and upload it to the devices? The Firewalls...

AdamGB by L0 Member
  • 5815 Views
  • 4 replies
  • 0 Likes

The dreaded User-ID, Dynamic TAGS, XMLAPI and Multi-vsys

Hi Community, my first post so hopefully I am in the right area.I am running a multi-vsys setup with 5220's in Active-Active HA and using XMLAPI calls from Aruba ClearPass to send login/logout info as well as tags for use in dynamic object groups. It seems to be hit and miss with tags being registered for clients/IP addresses particularly on one...

gfirth77 by L0 Member
  • 3045 Views
  • 1 replies
  • 1 Likes

Zone protection for VM series

Hi everyone, I was looking for PA best practices for VM series' zone protection but only found documents that talked about physical PA. 1. Are physical and VM series zone protection the same? could you point me where the docs for these are? 2. Under zone protection profile, flood protection, and SYN, there are 2 options 'Random Early Drop' ...

tinhnho by L3 Networker
  • 4905 Views
  • 6 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels