General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

VPN tunnel and NAT rules

I have to create a VPN tunnel between two businesses.  The main objective is that company A needs to provide access to the following subnets to company B:

 

10.10.1.144/28

10.1.2.144/28

 

I've got all the tunnel info set up, and there is just a public IP

...

buck1 by L1 Bithead
  • 8402 Views
  • 6 replies
  • 0 Likes

Resolved! Why I see no logs for DoS policies

I am testing DoS policies and have alarm rate set as 1. I did not intend to be that low but I was not seeing logs under monitor for a server that is continuously used. There are  flood logs from Zone Protection and they use a different log forwarding

...

image.png
image.png
image.png
raji_toor by L4 Transporter
  • 2009 Views
  • 3 replies
  • 0 Likes

How to migrate from a PA-7050 to a PA-5250

Hello,

 

I'm looking for information on how to migrate from a PA-7050 to a PA-5250.  Is there any best practice documentation on how to make this transition?  I am looking for the steps to migrate.  I have migrated PA-500's to PA-820's, but haven't don

...

SNMP bug in Pan-OS 9.1.8

I monitor the following parameters with SNMP V3 using PRTG:

pan zone active other ip cps

pan zone active tcp cps

pan zone active udp cps

Since the upgrade from 9.1.7 to 9.1.8 these parameters can no longer be read. After downgrading to 9.1.7 it works aga

...

Han.Valk by L2 Linker
  • 1759 Views
  • 3 replies
  • 0 Likes

iframe support for PA 7050 firewall webUI?

We are setting up a single pane of glass to monitor multiple systems. The software uses a web browser and iframes to connect to the other systems. Some sites work and some don't. The PA 7050 firewall console in particular returns a "refused to connec

...

Recommended version for PAN-OS 3020

I appreciate you being able to advise me on updating the software version to which i can safely upload and according to our PA-3020 HA equipment model, we are currently in version 8.1.15-H3.

 

Regards,


Steven Herrera

Resolved! panos 10.0.5 can't commit firewall changes

Hi, I'm brand new to PA firewalls.  Have a new pair of 3220's in active-passive HA.  This is not in production.  We are using them to learn on and eventually, hopefully later in the year move to production, replacing an active-passive Cisco ASA.

 

I ha

...

ksauer507 by L3 Networker
  • 2268 Views
  • 2 replies
  • 0 Likes

DNS Proxy inheritance source

I want all devices on one of my interfaces to use my DNS servers, regardless of their configuration. Seems pretty simple, but I'm stuck.

I can edit and OK/OK out of the DNS proxy dialogs (PANOS 4.1.2), but commit fails with "Inheritance source needs t

...

rgraves by Not applicable
  • 4313 Views
  • 3 replies
  • 0 Likes

GlobalProtect OCSP validation not working

Hi,

 

OCSP verification configured in a Certificate Profile on my Palo Alto 3020 doesn't seems to work.

 

My GlobalProtect configuration with pre-logon is working with machine certificate but when I want to see the status of the OCSP cache on the Palo, I

...

ocsp-request.png
ocsp-response.png
pboegli by L1 Bithead
  • 2921 Views
  • 1 replies
  • 2 Likes

Resolved! Route selection algorithm

Hi everyone!

 

I have a question about PA virtual router logic. For example, I have two static routes

 

0.0.0.0/0 AD 10 metric 10 next hop 1.1.1.1

0.0.0.0/0 AD 10 metric 10 next hop 2.2.2.2

 

ECMP disabled. All dynamic routing protocols are disabled.

 

Which

...