General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How work App-id when trafic is not inspected

Good morning all,
I have a question regarding the relationship between Appid and Ssl Decryption. How can the Fw recognize an application when the traffic is not inspected?
Example user request https://www.youtube.com/watch?v=2zB2jiCxxuQ. What is the Fw

...

IPSec SA rekey failure

Hello,

I am not an expert on IPSec and its terminology, so I apologize if I write something inaccurate, but I try to do my best. I have an IPSec s2s tunnel between Palo Alto PA-220 and Mikrotik RB4011. The RB4011 is behind NAT so it initiates the conn

...

ipsec_failure_1.png
ipsec_failure_2.png
jjurica by L0 Member
  • 5560 Views
  • 2 replies
  • 1 Likes

Issue with traffic on specific proxy id

We have VPN between Palo Alto and Cisco FMC/FTD.

There is user and server traffic on VPN. VPN status is stable. I don't have any user complaining about disconnection.

But I am seeing disconnection on specific proxyid. All of sudden I am getting ICMP re

...

yshaikh by L1 Bithead
  • 3003 Views
  • 5 replies
  • 0 Likes

Resolved! Way to see hardware type installed on 7080?

Is there somewhere in the GUI (or more likely a CLI command) that will show me the hardware type of the cards I have installed on my 7080? Specifically, I am trying to see if I have an SMC or SMC-B.

 

Thanks.

Resolved! Path Monitoring for Alerting Only

Hi,

 

I'm interested in using path monitoring for alerting. I'm aware that it can be used with PBF, static routes, HA, etc, but that's not quite what I'm after. I have BGP to manage that side of things.

 

I would like to monitor the path to the internet.

...

Luke_R by L2 Linker
  • 1941 Views
  • 2 replies
  • 0 Likes

Next Hop in default route using DHCP Comcast modem

Hello Group,

 

I am setting up a PA-200 in my SOHO with comcast as my ISP.  I have comcast for my isp and am using DHCP to optain my IP address.  My question is this.  Per the setup guide, if I check DHCP under the IPV4 tab, and check, Automatically cr

...

BryanMay by L1 Bithead
  • 2864 Views
  • 4 replies
  • 0 Likes

SD-WAN OSPF

Hello Team,

 

I just wanted to know that does PA SD-WAN supports OSPF ??

Or it only supports BGP.

 

My use case is as below  Branch and a Hub to SDWAN

I have Internet links and Orange MPLS links and I have OSPF on OBS router and on the firewall 

After confi

...

Swetang by L1 Bithead
  • 2285 Views
  • 2 replies
  • 0 Likes

Apps/Threat out of Sync on Passive Panorama.

On one set of panoramas I noticed that the Apps/Threats are out of sync. The passive device downloaded, but did not install the update like the active device did.


The active device is set to sync with peer during the scheduled update.

 

The trouble is t

...

Resolved! Using public range of IPs

I have a bit of a silly question to ask but my mind is drawing a blank on this.  If you have a connection from the ISP, say the static IP range is 14.1.1.0/30....their router is 14.1.1.1 and the PA FW will be 14.1.1.2.  Simple enough but what if they

...

ce1028 by L4 Transporter
  • 3139 Views
  • 6 replies
  • 0 Likes

File blocking

Dears,

I am not able to block msi file via file blocking profile.

I have created a file blocking profile to block msi and different types of file extensions to block by the policy.

Then I tried to open exe file in the chrome browser which is working fin

...

Jafar_Hussain_0-1606461774177.png
Jafar_Hussain_2-1606462014421.png
Jafar_Hussain_1-1606461839870.png

Resolved! Interzone Static Routing

Hi all, I'll preface this as I'm the sole networking guy at my job and I'm still green. Apologies for any dumb questions, I've tried to read the manual for relevant info and used my google-fu to no avail.

 

I'm using a PA-3020 on firmware 8.0.6.

 

I've b

...