General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Support portal error

Hi everyone! I work in PA's partner company and we have customer support portal account. But recently I'v started to get error after log in on the portal. This error is shown in an attachment photo. I wrote to nextwave support but I haven't received any answewr yet besides that "ticket has opened and we will respond you". I still haven't recaive...

1.jpg
Mishin by L1 Bithead
  • 4170 Views
  • 3 replies
  • 0 Likes

Global Protect Linux Custom HIP Check - Process

My client is looking to perform additional validation on systems connecting to their Global Protect gateways to ensure they are company owned systems. They use BigFix to manage their endpoints and they know if the Linux client is running the BigFix process it is running a company deployed image. They would like to create a custom HIP check to id...

Resolved! Is there a way to configure PA 5220 as L3/4 or L7 load-balancer?

Hi, We have two PA 5220 and we are wondering if there is a method to utilize them as load-balancers in addition to their main use as firewalls? Is it doable? If yes, do you recommend such use case for production environment? The goal is to load balance between two services using TCP or Diameter protocol. Appreciate your answer and advice...

Resolved! HA Link Monitoring.

Is there any pre-requisite to keep the interface speed and duplex to auto , auto if we are using them in HA Link Monitoring? During our HA Test our PA interfaces are kept in duplex auto , speed 1000 setting , we have shutdown the switch interface , PA has detected that that interface is down ( forced down) but it's not triggering the failover , ...

Sign On Error

I'm getting this error when trying to file a case in the support portal."Unable to provide subject and attribute info. Attribute mapping(s) failed: Mapping lookup 'getCustPortalUserfromCsp' returned empty result.You do not have access to this resource or an error occurred during the login process. Please see https://www.paloaltonetworks.com/comp...

whatok by L0 Member
  • 4827 Views
  • 5 replies
  • 0 Likes

CLI: create admin role

Hi, I'm struggling a bit to find an efficient way to create an admin role using the cli.Let's say I want to create an admin role and grant it all rights that can be found in the "Web UI" tab when using the web interface. Is there a command that basically does this?set shared admin-role webadmin role device webui ALL Right now the only way that I...

mlanterm by L0 Member
  • 7070 Views
  • 4 replies
  • 1 Likes

High Availability - Active goes down due to non-functional

Hello all,Last Sunday (6/26) at 5:37:27 PM, a failover occurred due to an Ethernet 1/22 interface down on the customer's Active Firewall. I have looked around the log to analyze the cause, but the CPU was not high and I couldn't find the cause. The figure below is ha-agent and route log. Do you know why such an error occurs? <routed.log>&l...

스크린샷 2022-06-27 오전 10.46.00.png
스크린샷 2022-06-27 오전 10.41.40.png
스크린샷 2022-06-27 오전 10.39.31.png

Incoming Email Not Flowing

Having an issue with my deployment. Incoming email is not flowing when deploying the PA. The cloud spam filter will not connect to the spam appliance (in DMZ) I can connect to the spam appliance with the external IP address so I believe NAT is not the issue I am also testing with any service until it connects. I included policy screenshots above...

Screen Shot 2022-07-17 at 1.15.31 PM.png
Screen Shot 2022-07-17 at 1.11.28 PM.png

Resolved! Aged Out in allowed traffic logs

Hi All, I have a doubt regarding aged-out feature in palo alto firewall.We are getting logs with allowed traffic towards different ports like port 23, 1433 etc.The device action is allow and in reason aged-out. I want to know that whether the traffic is really allowed or not. This is making too much confusion and kindly help me with this doubt....

ahmdsmr by L1 Bithead
  • 337700 Views
  • 11 replies
  • 0 Likes

SDWAN Zone Mapping

Trying to make sure I understand this correctly. For each zone to used within the SDWAN they must be mapped to the pre-defined SDWAN zones. For the following example would this be the correct method of mapping: Pre-SDWAN zones (same zones at all sites)UntrustPrivate WANTrust-1Trust-2Trust-3 SDWAN Zone MappingZone Internet: Untrust Trust-1, Tru...

Resolved! Can there be fallback authentication for GlobalProtect?

I ran into a scenario that rendered me useless remotely, and I'm wondering if I can configure secondary authentication for GlobalProtect...I used GP to VPN in remotely. My GP is set up to authenticate through Active Directory, and it works fine. I was updating my VMWare environment and SAN, in which I needed to power down all VMWare servers (i...

uscit by Not applicable
  • 5005 Views
  • 2 replies
  • 0 Likes

GlobalProtect agent download from direct URL

Hi everyone, Do you know if it's possible to block the download of the globalprotect agent via the direct URL ? The goal here is to force users to authenticate in the portal web page to be able to download the agent. Ex. for the 64bit agent :https://<my-portal-address>/global-protect/getmsi.esp?version=64&platform=windows If yes, could...

FabienJ by L2 Linker
  • 17834 Views
  • 19 replies
  • 0 Likes
  • 24401 Posts
  • 123 Subscriptions
Top Solution Authors
Labels