General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How to apply security policy over more than 200k public IP? (EDL? API?,...)

Helo, we have started a plan for a new project. I have created a picture, so you can see, what I acutally mean :). User will via some customer portal setup a new broadband link. He will be able to choose if the broadband should be secured and by several levels - TP, URL, DNS, WF,...If he choose the security level and confirm it, the customer por...

pict.png
LukasB by L2 Linker
  • 4974 Views
  • 7 replies
  • 0 Likes

Question about Global protect Pre-Logon Issue

Hi, I configured GP pre-logon method, But it’s only working in administrator mode even though the user is part of administrator group, it’ not working for normal users. I followed below KB article,https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEYCA0 In global protect client installed laptops, we are able to connect g...

GlobalProtect.jpeg

No ICMP hitting Palo Interface but ICMP is allowed

I have a greenfield Palo with a fresh ISP.Have confirmed from the Palo I can source from my interface and ping outbound to anywhere in the world.Interface mgmt has been set to allow ICMP, I've left the allowed IP's blank and also set my specific IP, neither allow ICMP traffic to the interface. The more frustrating thing is that nothing is hittin...

VPN IPSEC secondary peer

Hello,I have a vpn ipsec in production, now I have to add a secondary remote peer.It's my first time I have to configure a 2nd peer.If I understood well I can't simply add a seocndary peer to the VPN but I have to configure a new psec but the difference is the static route related the remote network.Example I should have:Remote net: 10.1.0.0/24R...

5450 - Included cards in base bundle

It seems odd that the base bundle (PAN-PA-5450-AC-SYS) includes a NC and not a DPC. Can someone from Palo, or someone that has received a 5450, confirm that a DPC is *not* included and the base bundle (it will not function on its own)?

PA not responding to any incoming requests

I have a PA-220 (PANOS 9.1.8) running with a dynamic PPoE link to the ISP. I've tried everything! It does not respond to PING, SSH, HTTPS. I removed the firewall security profiles, zone protection, added the management profile. Looking at the pcap, the external IP keeps sending and the PA will not respond to anything. I'm at a loss. I don't even...

DJ_Palo by L1 Bithead
  • 3124 Views
  • 2 replies
  • 0 Likes

PAN-OS 10.1.4-h4

Hello all,We are looking to update PAN-OS to 10.1.4-h4 but wanted to ask if anyone had any issues after upgrading? I had 10.1.4 installed but it had bugs and had to roll back so I am a little bit leery to upgrade again.Thank you,Tom

thoffman by L2 Linker
  • 2122 Views
  • 1 replies
  • 0 Likes

Global Protect 6.0 Client Windows Authentication

Since upgrading to the 6.0 client every hour, when the client does its config refresh interval, Windows defaults to the Global Protect password sign in option when unlocking the computers rather than what the users are normally using (PIN, Face, Finger etc). The same issue occurs when manually refreshing the connection or signing out and in to t...

Interface Status in Suspended state

I have my production firewalls in HA active/passive mode. My question is if I have suspended the passive firewall, what would be the interface status, would it be down or showing up ? I do understand it will not be forwarding traffic but what would you see in the GUI when checking the interface state.

bambox by L1 Bithead
  • 4140 Views
  • 1 replies
  • 0 Likes

Migration Cisco to PAN

Hello,I have run a config through the migration tool and I have noticed the following application generate warnings- icmp- I understand I change this to- pingipsec-esp- I have no idea what this should be changed to?gre(generic routing encapsulation)- No idea what this should be changed to? Any help would be appreciated.

mamuhopo by L0 Member
  • 1914 Views
  • 1 replies
  • 0 Likes

Resolved! Site-To-Site VPN with payed VPN Providers

I would like to test this hypothetical scenario it is possible :* I have an account with 3 vpn providers (i.e. NordVpn, PIA, Boleh)* I would like to create 3 (or more) vpn tunnels (at least one tunnel with each vpn provider)* I will route different traffics (route by source) to each vpn tunnel Is it possible with Palo Alto?Does anybody have I bl...

useridd process is consuming 100% CPU on the PA-5250

PAN-OS is 9.1.10 running on PA-5250. The useridd process is consuming 100% CPU: Tasks: 313 total, 1 running, 309 sleeping, 0 stopped, 3 zombie%Cpu(s): 2.8 us, 1.5 sy, 0.0 ni, 95.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 stKiB Mem : 32640128 total, 197252 free, 5921556 used, 26521320 buff/cacheKiB Swap: 0 total, 0 free, 0 used. 26240004 avail MemPID USER...

dtran by L4 Transporter
  • 7665 Views
  • 8 replies
  • 0 Likes

Leak a specific route from BGP summarization

Hello All, I have a question related to BGP summarization in a PAN firewall. We currently have summary aggregate advertised to the upstream device. But now we need a leak /32 route to the upstream along with the original summary route. What is the best method to achieve this goal? I have seen an option for 'Advertise filter' in BGP summary. If I...

a-techie by L1 Bithead
  • 3554 Views
  • 4 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels