General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! SSL Decryption for IoT devices

I am rolling out SSL Decryption for the wired subnets at my office. It's working great for the users since their laptops and devices are on the domain and trust our private CA which is used as the forward-trust cert. I'm running into issues with other devices plugged into the network like copiers, printers, smart TV's. These devices are on the w...

Cant upload Wildfire update after manually activating the license

Cant upload Wildfire update after manually activating the license, we are getting ready for PA migration (replacing old PA with with new) hence new PA firewalls are not connected to live environment and doesn't have internet connectivity. config was transferred using XML import / export.All the subscriptions are activated on the new PAs and dyna...

Resolved! Transfer Configuration from PA-3020 to PA-850 Without Panorama

Has anyone cloned configuration from a PA-3020 HA pair in active/passive mode to PA-850's that aren't managed by Panorama? Maybe not those specific model numbers even? I'm not familiar with Panorama, and have searched here, and online but all I find is when devices are managed, so I'm wondering if doing this manually would have a different outco...

Resolved! Application Override Question

Hi All, I got this question from the learning center for the PCNSE practice exam. Dont know if its allowed to post the screenshot here. From my understanding of using the application override, the firewall stops any further content inspection. It was also stated on the admin guide:If you define an application override, the firewall stops proces...

app-override.PNG

Resolved! VPN Issue on interface subnet change

Hi All, Help here will be appreciated.I am migrating a pair of PA-5220's to Active-Passive as they are currently Active-Active. First job in the task is to change the interfaces from /30 to /29 subnets. This is to ensure that both firewalls sit within the same subnet rather than be in isolated /30s. The migration is needed as the VPNs only resid...

a.jones by L3 Networker
  • 3770 Views
  • 2 replies
  • 0 Likes

Resolved! Allow a more specific path of a Blocked URL

Hi All, I'm trying to determine if this is possible. We are blocking abc.company.com via an entry in a custom url category which is applied to the internet policy via a URL filtering profile. I need to allow abc.company.com/specificpath while still blocking all other paths. Nothing I've tried works. We have a whitelist rule above the main inter...

epeeler by L2 Linker
  • 7987 Views
  • 3 replies
  • 0 Likes

Resolved! Configure DHCP reservation on Global Protect user

Hello Community, Is there a way on the PALO ALTO that we can do DHCP reservation while using the Global protect client VPN.As of now we don't have any DHCP relay on the PALO ALTO. The PALO ALTO is the one providing IP address for the global protect user.Is there any DHCP expire on the global protect assign IP address?I found some docs but more o...

Resolved! Whitelist Java Traffic

Good morning,I am relatively new to the PA's, but was wondering if there was a way to have a list of URL's & domains to whitelist Java traffic & block everything else? And if so, can I then write any kind of regex to match specific java versions, say if we have an older version of Java that is required for a specific app for a specific ...

Site to site vpn issue

Dear Team,I have one site 2 site VPN tunnel b/w Paloalto and cisco. some time i can see the tunnel is going automatic down and after some time it will come automatically. I have checked ikemgr and system logs but i am not able to find exact issue why its going up and down. can any one help me this below is the logs.I was doing troubleshooting th...

Resolved! Multiple Virtual Wires - PA Firewall - TP (IPS)

Hi, I hope it works but looking for confirmation. In PAN-OS with PA-5450, can we have multiple virtual wires configured e.g. 3 pair of interfaces configured as 3 virtual wires. Use case is PA NGFW deployment as inline IPS protecting 3 separate segments leveraging TP subscription. FW has to be deployed as bump in the wire solution. ThnxRohit

IPSEC tunnel Intermittent disconnect between onprime PA-5250 and and VM PA hosted on Azure.

Hello all,Need help.We're experiencing unsual IPsec tunnel disconnect between our main firewall PA-5250 and VM series hosted on Azure. PA-5250 - Version 8.01 - Static GW IP address 2.2.2.2VM series VM:- 10.0.7 - Azure01 - GW IP is dymanic representing 1.1.1.1 on logs. IPsec tunnel info check and verified are same on both firewall. Proxy ID:- ...

Find object tag in Rules?

I am trying to get rid of FQDN objects that no longer resolve (1000's BTW). Problem is that you can't delete an object if it is in a rule or address group. I can tag all the objects via command line which is great, but how can I see all the rules where an object is tagged with my "delete fqdn" tag? Seems like the Tag Browser could have done this...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels