General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Reading counter flow errors

Hi All, Apologies as I am still new and trying to learn Palo Alto. I encountered an issue wherein a new switch is causing a large number of packet drop parse. I found it on the IP below. How do you interpret the logs generated? The 10.5.4.100 is a Dell device, while the 10.5.4.2. I am unable to look up the MAC address. Thank you in adv...

mudvayne15_0-1660691821831.png
mudvayne15_1-1660691830234.png

Unable to categorize my companies URL

Hi, I am unable to categorize my companies URL on behalf of one of our customers, that uses a Paloalto firewall. My colleague received the following message when attempting to perform this action: "In the meantime, Palo Alto Networks URL Filtering allows you to create custom URL categories that best suit your unique business needs. Pleas...

Migration Issue from PA-500 (HA-Active/passive) to PA-3220 with HA-Active/Passive

Hello, Hi Brothers, Existing PA-500 (PAN-OS 8.1.17) and New PA-3220 (PAN-OS 8.1.17) I tried to export the running config from FW (PA-500) as XML format and import it into the new FW (PA-3220) Shows me a lot of error and warning as there is a lot of discrepancies as following DetailsValidation Error:deviceconfig -> high-availability -...

Resolved! QoS Configuration Subnet /32

I have followed below link to configure a QoS setting for testing purpose. Configure QoS (paloaltonetworks.com) I have specify only 1 ip 192.168.1.x /32 in QoS profile and also tried to specify in the interface clear text traffic. In the result the QoS not only apply in only the IP that I specify but it apply all traffic going out through th...

JiaXiang by L4 Transporter
  • 3550 Views
  • 3 replies
  • 0 Likes

With PanOs and DUO (As 2FA), Entering on Windows Globalprotect ask to duo indefinitely.

Hello Everybody, We have recently upgraded our Firewalls to PanOs 10.2.2. We have DUO as a second factor authentication. The config we have is with "Always On" , from the upgrade, When a Computer starts, the user enter the credentials, and then Globalprotect try to connect to the VPN (Single Sign on active). The trouble arrives if the user ...

Resolved! Upload and Download QoS

May I ask how to configure upload and download QoS? I have tested whether I perform upload or download, the QoS always hit LAN->WAN policy. The result is different from what this article said. https://live.paloaltonetworks.com/t5/general-topics/qos-bandwidth-limitation-download-amp-upload/m-p/315516#M81270 My customer wants to do so is that...

Resolved! HELP - my Website is being blocked by GlobalProtect

We have produced a new website for a customer https://vertexgis.uk/ , but their key target audiences in the UK all use GlobalProtect and their website is being blocked as it is seen as a new site although it is now about 3 months old. Please can anyone help and advise how we can urgently get this website unblocked. It would not look profession...

Cisco VPN Behind PA-3220

We have a third-party that borrows our network to establish a VPN tunnel back to their office via a Cisco 881 ISR. We have it on a segregated guest network and it establishes an ike/ipsec tunnel back to their ASA over our internet connection. Workstation --> Cisco 881 --> [Guest Network] --> Palo Alto FW --> Internet --> Cisco A...

Someone school me on Syslog and Panorama

I have Panorama managing roughly 10 firewalls. I have logging setup on those FWs to send to Panorama, email and send syslog to a 3rd party host. I struggled immensely trying to get everything configured correctly on PANORAMA and the FWs themselves to even send logs. The syslog server is getting the logs but they are all coming from PANORAMA ...

drewdown_0-1659635032714.png
drewdown by L4 Transporter
  • 3128 Views
  • 1 replies
  • 0 Likes

Not getting proper SMTP traps for power supply removal and insertion

Hi Folks, We have PA-5260 in HA pair in our environment. Recently we had configured SNMPv2 traps on Palo Alto firewall to forward traps to our SNMP server and configured Log forwarding to forward All system logs as traps to the SNMP server. Specifically we need to forward power supply related traps forwarding. Yesterday we had removed on of...

Question about CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering (Severity: HIGH)

Dear all, PAN-OS CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering (Severity: HIGH) https://security.paloaltonetworks.com/CVE-2022-0028 About CVE-2022-0028 on Palo Alto vulnerability. If we have policy that config source with any because we use shared policy for all vsys. If we config source...

Resolved! SSL Decryption+ALPN not stripped: yandex.com not working

Hi I have a customer that wrote to me yesterday that if they remove the checkbox for Strip ALPN while having SSL decryption enabled, a few web sites such as yandex.com stop working.I was able to reproduce this with my PA-3220 and PANOS 9.1 and also on my VM with PANOS 10, the result is ERR_HTTP2_PROTOCOL_ERROR in Edge browser. There do not appea...

ShaiW by L4 Transporter
  • 8390 Views
  • 4 replies
  • 1 Likes

Resolved! Updating the HA configuration in large hops.

Hello community I am upgrading a PANOS 8.0.7 to version 9.1.14-h1 I would like to know if in the transit versions, you download and install only the base 9.0.0.0 or is recommended to download the base 9.0.0 and install the recommended 9.0.16-h2for example:Go from 8.1.x to 9.0.0 (transit version) and continue from 9.0.0 to 9.1.x.orGo from 8.1...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels