General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2930 Views
  • 2 replies
  • 14 Likes

Solution for "SSL decryption bypass for Anydesk"

Hello,

 

I am being asked a lot about why is Anydesk getting a "decrypt-error" end reason when SSL Decryption is active.

Here is a simple explanation and how to overcome this.

 

What you usually going to do with this kind of errors is creating a Decryptio

...

OZamir by L1 Bithead
  • 12489 Views
  • 4 replies
  • 6 Likes

Recommended ways to manage numerous firewall policies

For people who have many firewalls which have similar policy, what are good ways to manage these, say for example I want to add a particular rule from one zone to another, and the zones are identical across 80 firewalls.

 

Am looking at using Device Gr

...

Server management cannot be restarted

I cannot login to the web GUI, I receve error "Timed out while getting config lock. Please try again. ". I saw that it has to do with overloaded server managment plane so i tryed to restart it form CLI, ussing the comnad  "debug software restart proc

...

Resolved! Fortigate VIP Equivalent

Hello,

 

I am working on a Fortigate to PA migration and I am trying to wrap my head around the equivalent of a Fortigate VIP (we used VIPs to go from public IPs to inside web servers) on a PA. Would I just create addresses for everything and then do t

...

Community Insights

Hi Guys,

 

I am in the process of gathering some insights on how to flesh out a book on Palo Alto Networks. I am running a poll for the same, and would be happy if you take it. Here's the link to it - https://www.linkedin.com/feed/update/urn:li:activ

...

denimp by L0 Member
  • 1099 Views
  • 0 replies
  • 0 Likes

Allow only Zoom for a subset of machines

I want to lock down Internet access for some machines to just allow them to use Zoom, but using the App-ID means I have to allow SSL and STUN too and I don't want that as that opens up a ton of other sites, Anyone have any suggestions? Maybe a URL fi

...

froche by L1 Bithead
  • 2824 Views
  • 2 replies
  • 0 Likes

Captive Portal Turned on but redirect Pages don't respond

I turned on Captive Portal a couple days ago on a test rule restricting access between two servers before i turn it on for production.

 

The rule restricts access to the end server as expected and navigating to http for the target server results in the

...

MP2021 by L1 Bithead
  • 3160 Views
  • 2 replies
  • 0 Likes

VPN Bandwidth Load Balancing

Hi Team,

 

I have three VPN connection for three isp network. We need to load balance the VPN connection when it reaches to a particular threshold for example 75% or 80% then the traffic need to shift to other tunnels.

 

For example if one tunnels is bei

...

Resolved! How to reduce downtime when migrate to an AE interface

Hi All,

 

Am going to bundle an existing layer3 interface (e1/1)with extra one (e1/2 ) to an ae1 interface. And then move the ip address from e1/1 to ae1. 

This is in a HA A/P configure, question is how to reduce the downtime to roughly 0?

If it will imp

...

AllanGao by L1 Bithead
  • 2253 Views
  • 3 replies
  • 0 Likes

Resolved! U-Turn NAT question

When setup U-turn NAT, can see SNAT part using an internal interface for DIPP. But in the scenario A/P FW has two downstream switches, ie. two internal interfaces, if need to setup 2 U-turn NAT policies . So that when the primary link down, can use t

...

AllanGao by L1 Bithead
  • 2783 Views
  • 4 replies
  • 0 Likes

Resolved! Security Policy "Last Hit" metric

Hello,

How is the "Last Hit" metric for a security policy on the firewall generated? Would the timestamp be based on the session start time or the received time of the log? Intuitively I would think the former, but I am starting to think its the latte

...

Pc does not join into Domain

Hi,

I can not join into a domain when the computer pass through PA.

This is my scennario:

PC - PaloAlto - Switch - DomainController

The PC and Domain controller are in the same Zone (trust) and I have a security rule: from zone trust, to zone trust, perm

...

  • 24030 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors