This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Split Tunnel Routing Config Help

Looking for some help on split tunneling.

We are on PAN os 9.1.9 GP client 5.26, for our LAN we also use Cisco Umbrella to block sites.

What I want to do is when GlobalProtect connects I want all LAN traffic going through the VPN traffic, and all Inter

...

PA-5050-Data plane showing high

Dear Team,

 

Our Core firewall Data plane  CPU reaching to 99% , When we checking the traffic logs some MS-SQL application getting high usage, and system logs are showing "dataplane under severe load palo alto".

 

Pan os : 8.1.15-h3 ,Device : PA 5050.

 

Ki

...

VishnuPS by L3 Networker
  • 2865 Views
  • 6 replies
  • 0 Likes

Resolved! IPSec VPN certificates

I’m very new to Palo Alto and testing things out on a home virtual lab on local computer.  I’m trying to configure IPSec vpn between 2 sites using certificates.  My problem is that when I export the certificate from PA-1, I cannot import it to PA-2 b

...

ldapjazz by L0 Member
  • 2281 Views
  • 2 replies
  • 0 Likes

Storage V-Motion

Hello,

 

Our Virtualization team Storage vmotioned all the VMs on a specific host and that included VM-Series Firewalls for NSX as well.

 

Resulting that the firewalls pass 0 kbps of throughput and dropping all the packets. We were able to identify this

...

ayazdani by L1 Bithead
  • 2067 Views
  • 2 replies
  • 0 Likes

Resolved! Unable to export certificates

PanOS 7.0.1

 

Tested with Google Chrome and Firefox v56

 

When trying to export a certificate from Device tab --> Certificate Management --> Certificates, no matter which export format I choose, nor which certificate I choose, nothing happens.  Browser w

...

Incoming traffic being not logged on external IP

Hi 

 

Any help greatly appreciated.

 

I have 4 internal IPs w x y and z that need to route out on one of my external IPs (1.2.3.4).  And then I need the ingress traffic on 1.2.3.4 to be routed to w x y and z based on the incoming port number.  I am also

...

Resolved! IPSec VPN routing across multiple tunnels

Hi folks/.

 

I have a situaiton that is doing my head in, and I need some help.

 

I have an installation which looks like this

 

"A" end - Palo Alto Active/Passive cluster, public IP for IPSec VPN termination

 

"B" End - Juniper SRX cluster, Active/Active wi

...

darren_g by L4 Transporter
  • 11403 Views
  • 8 replies
  • 0 Likes

MAC addresses for HA interfaces

I have 2 virtual instances of PA-8.0 on a laptop in a home lab for learning purposes.  High Availability is configured in Active/Passive mode with HA1 using the management interface and it is working but HA2 is failing to sync and complete initializa

...

Resolved! VA scan issue

Is there anyway to solve those VA issue?

 

1) 90317 - SSH Weak Algorithms Supported
2) 42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
3) 70658 - SSH Server CBC Mode Ciphers Enabled
4) 71049 - SSH Weak MAC Algorithms Enabled

 

Kindly help plea

...

Vector by L0 Member
  • 2084 Views
  • 2 replies
  • 0 Likes

Global protect certificate expiry

Hi team,

Can we renew the server certificate used for gp before expiry can you please let me know if there would be any impact after renewing the certificate before expiry??

 

Or we need to renew the certificate before 1 day ???

 

 

Resolved! CLI commands to add a device in devicegroup as master device

Hi Team,

 

I found some command to add a device in device group and template but couldn't find how to set a device as master device in device group with CLI,

Tried to search cheat sheet but the information/commands are not available.

Is it possible or th

...

Srikant by L1 Bithead
  • 3465 Views
  • 1 replies
  • 0 Likes

Dual ISP, PBF traffic not returning

I have two ISPs configured with path monitoring and I can successfully monitor the primary route and fail over to the secondary, however what I would like to do now is use PBF to always send some of my traffic out the secondary ISP.  Everything I've

...

NAT.jpg
PBF.jpg
Traffic.jpg
Cooper80 by L0 Member
  • 2205 Views
  • 2 replies
  • 1 Likes
  • 24196 Posts
  • 100 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks