General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

failover between sites

Hi, I have two sites; between the sites a layer 3 connection is there. A single firewall is deployed in each site. Now I want to make active standby with these firewalls. How can I do that, does it work without any problem? What needs to be done to make it work? Thanks

simsim by L4 Transporter
  • 3689 Views
  • 4 replies
  • 0 Likes

HA - Path Monitoring

Hello, good afternoon everyone, thank you very much for your support and help. I have the following scenario: A pair of firewalls configured in HA, such as Active Passive, model 5250. There are currently 2 links to the Internet, the main link, that is, the active one, is used for the main access for all the general output to the Internet, it has ...

Metgatz by L4 Transporter
  • 3729 Views
  • 1 replies
  • 0 Likes

VPN Site to Site configuration between two PAs

Hi, I've been trying to get clients on the end of two different Palo Altos to be able to ping each other. Everything is green but the IPsec tunnel doesn't seem to be working. Using tracert, traffic from a client first hops to the LAN port and then to the opposite end of the tunnel and stops there. I've already created policies that allow traffic ...

smshafek by L1 Bithead
  • 3345 Views
  • 3 replies
  • 0 Likes

Doubt regarding full backups firewalls managed from PANORAMA

Hello friends, good evening. I am new to administering Panorama and therefore firewalls through the Panorama console and I have some doubts, mainly with backups, which I hope you can help and support me. Understanding that example I have a firewall managed from Panorama M-200, the firewalls have part of their configuration managed through Device...

Metgatz by L4 Transporter
  • 3157 Views
  • 1 replies
  • 0 Likes

Resolved! External Palo Alto Dynamic List

Hi Team, Have a PA220 licensed for WildFire, Threat prevention, and PANDB URL filtering. Though I had configured the External Dynamic List based on the best practice, I could not get the default PaloAlto Dynamic IP lists feed: Palo Alto Networks - High-risk IP addresses and the Known malicious IP addresses showing up. Could someone plea...

Receiving false positive alert for AWS config recording is disabled in Prisma cloud

We tried with the mentioned steps and enabled the recording following below recommendation: 1. Sign in to the AWS Management Console 2. Select the specific region from the top down, for which the alert is generated 3. Navigate to service 'Config' from the 'Services' dropdown. If AWS Config set up exists, a. Go to Settings b. Click on 'Turn On' button ...

Deepak_K by L3 Networker
  • 4321 Views
  • 3 replies
  • 0 Likes

User-id agent timeout integration with dhcp lease timeout

Hi all, let's suppose these conditions: - interface with dhcp enabled, 24 hours lease timeout, ip range (for example) 192.168.3.0/24 - user-id agent enabled with 45 minutes timeout - virtual machine environment with non persistent vm, so when a machine is powered off it will be destroyed and recreated with a new mac address - a machine cannot do web...

N2Z2 by L2 Linker
  • 4421 Views
  • 5 replies
  • 0 Likes

Resolved! No hits on source NAT

Really basic setup here. I'm just trying to get a lab setup going but I'm not able to get out to the Internet. I'm not seeing any hits on my NAT policy and therefore no hits on my security policies. To my knowledge this is set up correctly. I can ping the LAN/WAN interfaces just fine. PA-820 10.1.0 WAN is ethernet1/1 LAN is ethernet1/2 Is ther...

AtosErik by L0 Member
  • 5253 Views
  • 2 replies
  • 0 Likes

Panorama commit to template error after enabling device and network template

Hello everyone, I have faced a problem when creating a group mapping to get Active Directory users from LDAP to policies; it didn't work. After some research I've found that I should enable the device and network template option in the device Panorama settings. When I did it and created an LDAP profile I have the following error message in commit - Vali...

Desktop Office apps unable to see Microsoft O365 people or resources

Hi, Have two separate issues, but think they are connected by lack of firewall rule somewhere, cannot locate what I am missing though.. Issue1: When I try to use SHARE button inside desktop version of Word/Excel/PPoint to share document, cannot see anyone in drop down, cannot search for any users and in general it's not populating. I don't have that ...

url category with wildcard

I have to create a url category which would allow anything coming from url x.y.z.com/api-*. Every time I try to create that custom url category I get the following error "Consecutive asterisks (*) in a URL wildcard pattern can severely impact performance and is not supported. Instead, use a single asterisk or multiple carets (^) to indicate co...

Resolved! Objects Capacity on PA-3400 Series

Hello, Despite my research on the site, I am looking for the following features on the PA-3400 series: - Max Virtual Routers - Max. Security Zones - Max. Security Rule - Max. Address Objects - Max. Address Groups ... Thank you for your help

site to site vpn. IKEv2 and fragmentation?

When configuring a site to site IPSEC tunnel, I see that the IKE gateway can be set to allow packet fragmentation or not (DF bit) when using IKEv1. However the option isn't present for IKEv2. Other vendors, such as Cisco, allow the DF bit to be set for IKEv2. Why is this the case with Palo Alto (v9.1.x)?

  • 24393 Posts
  • 123 Subscriptions