General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Security policies not matching traffic

Hello! I am having quite a few strange behaviors from the Palo Alto firewalls. I have a rule for an entire subnet (10.209.82.0/24) to be allowed from inside to outside zones via any port to any IP address yet there is still somehow traffic being denied. Obviously, this isn't the greatest from a security perspective, but I arrived there out of fr...

Resolved! Possiblility of getting locked out of web interface?

Currently, I'm using a local administrator account on the firewall (no Panorama), but I want to configure authentication between it and active directory. I went through Palo's guide for setting up Kerberos (I read that this is preferred over LDAP due to its increased security, but please chime in if you disagree), but I'm worried about the chanc...

JanayE by L0 Member
  • 3248 Views
  • 1 replies
  • 0 Likes

An active Wildfire license is required for this feature

Hi everyone!Every 15 minutes i get an email notification: opaque: Retrieving Content 'WildFire' info failed with error 'An active Wildfire license is required for this feature' but the license is valid till October 2022. Could someone help me with this issue ?My device is PA 850 Thanks in advance

Firewall rules for update Palo Alto´s firewall content on Check Point!

Hi Guys!My Check Point firewall rule for Palo Alto fw update its contents, so im not confortable with the destination part (all_internet)PA fw (x.x.x.x) to all internet on service https (tcp.443) accept...! So instead of put ALL INTERNET on destination, i think PA should have documentation on it, about the destination for updates and also about ...

Aftermath_0-1653903851018.png

Resolved! Minemeld static url/ipv4/md5 list

Hi everyone,we have installed minemeld in our facility and it's great, but we are having trouble implementing a solution that takes lists internally, our current goal is to update the list manually based on the ipv4 / url we get from our security team. Is there any guide that explains how this can be done? Thanks , Angelo.

porq91 by L1 Bithead
  • 5256 Views
  • 6 replies
  • 0 Likes

Resolved! Expedition import of Cisco ASA

Hi, new to Expedition and have just installed (Ubunto 20.4 and latest Expedition packages) . Imported a running config from a Cisco ASA 5525X without issue but when I move away from the dashboard to look at the 400+ address objects I see no objects and then returning to the dashboard they are gone as are a lot of other objects. Appreciate and gu...

AndyH64_1-1653868101698.png
AndyH64_2-1653868171663.png
AndyH64 by L0 Member
  • 2623 Views
  • 1 replies
  • 0 Likes

Resolved! Routing issues on PA410

I cannot get traffic to go out my outside interface - it will only go out the Management interfaceI have a PA-410 with several Inside interfaces / Outside (connected to an ASA) / Management (connected to my Inside network)Note: I changed the Outside IP's first 3 octets from the real to 3.3.3. in this post to protect the future public IP for this...

sos66sos by L1 Bithead
  • 5005 Views
  • 4 replies
  • 0 Likes

Windows Based Agent vs Integrated PANOS Agent

Hi everyone! I was quite new to Palo Alto Networks and one that caught my attention is setting up user-id.However, there are quite many videos which do not mention about the windows-based agent.What are the advantages if I decided to use windows-based than the integrated PANOS agent? And vice versa. Thanks!

RVizcarra by L4 Transporter
  • 6685 Views
  • 4 replies
  • 0 Likes

Resolved! GlobalProtect getting "Connection failed" message (sectigo certificate)

Hi, suddenly we are getting a "connection failed" message from the GlobalProtect Client while using the sectigo wildcard certificate in the TLS Profile of the NGFW. The traffic logs show a 'decrypt-error'.There is no decryption policy being used. We are on PanOS 9.0.7. It's a bit strange because everything worked just fine until now and there we...

Filezilla Server Access through VPN to Private Network

I have Filezilla FTP server running on 192.168.126.176 on private network.We are accessing it through VPN with ftp client.When reading directories we get error cannot open data connection for file transfer. FTP access with local network is ok without issues,

RAVIKS by L0 Member
  • 4781 Views
  • 1 replies
  • 0 Likes

Resolved! HA pair, first unit has no issue getting licenses, second one "failed to fetch licenses. failed to get license info."

We're trying to bring up these units, two PA-440's. They are in an HA pair, both tied to the same management switch, and both can ping/trace to updates.paloaltonetworks.com as described in this article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PP1RCAW However, the second unit can't retrieve it's licenses (I had t...

FTP Server Access concerns over VPN

I have Filezilla FTP server running on 192.168.126.176 on private network.We are accessing it through VPN(Global Protct) with ftp client.When reading directories we get error cannot open data connection for file transfer. FTP access with local network is ok without. Any suggestions.

RAVIKS by L0 Member
  • 2706 Views
  • 1 replies
  • 0 Likes

Stats Dump is not generting from the month

We are unable to generate the Stats Dump file for CLI for a month in 10.1.0/10.0.0 version . while in previously version in 9.1.X we are able to generate Stats Dump file.Please let me know is there is any bug/or feature limitation Regards,Joshan Lakhani

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels