General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 413 Views
  • 0 replies
  • 2 Likes

QoS and IPSec

Hi All,

 

I would like to enable QoS on an IPSec tunnel. The tunnel is carrying mostly voice and signalling traffic.

If the voice traffic has a marking, eg EF, will this marking be copied to the outer IP header (the IPSec tunnel header)?

 

Or, will I have

...

Luke_R by L2 Linker
  • 1501 Views
  • 1 replies
  • 0 Likes

Resolved! Expedition: Export - Base Configuration Output

Export in base configuration output screen Device-Groups does not show arrows to expand organizational groups and sub groups. When trying to import from Panorama 10.0.

Currently running Ubuntu 16.04.6 and the Expedition shows 1.2.15 but had error mess

...

Gol4 by L0 Member
  • 1905 Views
  • 1 replies
  • 0 Likes

PA Firewall Performance Chart

Spoiler
Looking at the comparison chart, if I was interested in the 3430 and I use SSL decryption, threat prevention\wildfire\URL filtering and IPSEC vpn does that mean I would get roughly 9/2 Gbps or 12.2 Gbps?
Looking at the comparison chart, if I wa
...

roma_0-1648500614096.png
roma by L2 Linker
  • 1511 Views
  • 1 replies
  • 0 Likes

WMI On server 2022 for USER-ID

Hi There,

 

Have a pair of PA-3220s. User-ID was working swimmingly. Recently upgraded our DCs to Windows Server 2022 and WMI is routinely failing and showing "Not connected" under server monitor.

 

Doing some reading on WMI and Server 2022, and it sound

...

kaumell by L0 Member
  • 3319 Views
  • 1 replies
  • 0 Likes

Resolved! SSL certificate for passive firewall

There is an active passive pair having SSL certificate (management only) with different CNAMES (its own management IP).

 

While the CSR generation and certificate import (signed by ECA) is successful on active peer, the CSR generated on passive peer is

...

Resolved! IPSEC VPN - app-id

Hello all,

We have a software ipsec connection that will be between an inside server and a server in the cloud. The PA will just be a pass through so to speak, (nating and security rule).

The ipsec requires UDP 500 and 4500 and the IP 50 protocol. Do y

...

roma by L2 Linker
  • 3633 Views
  • 2 replies
  • 0 Likes

Bulk way to search logs for many IPs?

I have a list of over a 100 IP addresses that I would like to search logs to see if there has been any activity. Is there a way to search the logs files by feeding the FW a file containing the IP addresses? Thank you.

ccfritz by L1 Bithead
  • 1936 Views
  • 1 replies
  • 0 Likes

Resolved! using Azure MFA with Global Protect

Hello,

 

To configure Global Protect to use our already Existing MS MFA server, I followed this KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkkCAC 

 

I think I had to do one or two extra things as well, but in any case

...

Extending Eval license

Hi there,

 

My Eval Request is going to be expired soon, and I'd like to extend it for another 60 days but I don't know how?

 

Could someone please advise me how to extend my Palo Alto Eval license ? As I can't see any options in Palo Alto portal for lic

...

AK74 by L2 Linker
  • 2209 Views
  • 1 replies
  • 0 Likes

design help

 

Hi all ,

 

I have the above topology , Now the question where should iI keep the dmz zone 

on edge firewall or dc firewall 

 

Thanks 

 

pa dmz.JPG
simsim by L4 Transporter
  • 1463 Views
  • 1 replies
  • 0 Likes

FQDN resolution failures in Palo Alto

Hello

We are experiencing FQDN resolution failures in Palo Alto.

The Palo Alto has connection to the internal DNS; however, it does not resolve the FQDNs.

 

 



Please could you help us to verify this issue.

 

Regards

Alpalo_0-1648455350096.png
Alpalo by L4 Transporter
  • 1978 Views
  • 1 replies
  • 0 Likes
  • 23695 Posts
  • 110 Subscriptions
Top Solution Authors
Labels