General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Guidance on swinging an Exchange 2016 On-Prem server from ASA to PA 820 (vWired currently)

Hello everyone, currently I've about 3 publicly available servers still running through an old ASA5510 that I would like to move to the PA 820 that we have. 2 of them will be easy as they're basically web servers but its the Exchange server that has me concerned. I'm looking for a guide or some assistance in helping pre-create the security polic...

Knowledge sharing: Containers (Docker, etc.), Kubernetes, Openshift, Palo Alto CN series container firewalls

I hope everyone knows about the Palo Alto Beacon training platform as recently I found a great training about the CN series firewalls as we started needing security in our AWS kubernetes cluster. Palo Alto has youtube videos but they are not enough (Introduction to CN-Series and Demo - YouTube) Beacon – Palo Alto Networks Home : Beacon (palo...

Destination Zone

Hello I found in documentation : "Assign destination zone based on Interface packet would egress from" What is behind this "would" ? How is choose the destination zone , based on FW topology or routing table or ? I have set a route (next hop Tunnel interface) to a subnet and a NAT rule.I have a traffic from 2 differents source zone but same dest...

Resolved! Interface 'configured but down'

Hello, I have used interfaces in the past on a PA 3020 that were later disconnected. Those interfaces are still indicated in bright red with the message 'configured but down', including speed/duplex even though nothing is physically connected. As this is distracting, is it possible to reset each to simply grey and "not configured"? Thanks

landoa by L1 Bithead
  • 14339 Views
  • 2 replies
  • 0 Likes

static route not active

Dears, i create IPsec tunnel and add four subnet to it all subnet work good and see the other side but only one subnet not work when i look for show route found its route not active as attached the last subnet172.16.17.0/24 can any one help me

notactive.JPG
mhmad_91 by L0 Member
  • 2746 Views
  • 2 replies
  • 0 Likes

Regarding access between two sites

Hi Guys,I need help regarding access to the Web Server.Firstly, please refer to the image I have attached.Our company has 2 different sites. Site A has a Web Server with two different Websites hosted (let's say xxx.com and zzz.com) and our employees from site B connect to this web server.What we want is if User1 from SiteB connects to our Web Se...

Web Server Access.png
Satyam by L1 Bithead
  • 1915 Views
  • 1 replies
  • 0 Likes

Trouble uploading to tacupload.paloaltonetworks.com with SCP

Hoping someone can help me out. I've been on hold for ever 2 hours now unable to get support 😞 Support wants me to upload some core files to the TAC Upload server directly from the Palo device, but I can't seem to successfully do it from SCP on my Palo device.I tested that it's not a problem with the credentials by visiting tacupload.paloalton...

BHygaard by L0 Member
  • 3090 Views
  • 1 replies
  • 0 Likes

Resolved! dataplane is not up or invalid target-dp | Upgrade from 9.0.15 to version 10.X

Ran into errors with our Palo Alto PA-3250-1 after starting the upgrade process to version 10, dataplane is not up or invalid target-dp On phone with TAC (been on hold for hours, waiting for engineer). Has anyone ran into similar issues? Searched online, very few articles. We attempted reboots and restarting dataplane, issue not resolved.

SBozley by L1 Bithead
  • 8190 Views
  • 3 replies
  • 0 Likes

Configuring PA-5250 to act as gateway for guest wireless

Hi All, I'm attempting to configure a 5250 to act as the gateway and DHCP server for my guest wireless. I have a Cisco 9800 WLC directly connected via fiber from Gi0/2 to Eth1/15 on the 5250 over VLAN 825. I then created VLAN 825 on the 5250 as an SVI and associated it with Eth1/15. I have a DHCP server setup to hand out IPs from the 10.14.0.0/1...

Agentless User ID based network administration control using Windows AD server for PAN-OS

Hi All,I am looking for information on if we can use PAN-OS to do user ID based authentication for network administration control. For example, if user are working from home or remote location, getting users authenticated via PA Firewalls by integrating PA FW with AD server. Question I am stuck at is, how policy will look like. I want only this ...

Richa-L by L0 Member
  • 1928 Views
  • 1 replies
  • 0 Likes

URL Filter Security Policy Structure

Hello all. New to PAN, and after reviewing the documentation on URL Filtering, I'm confused on the best practice deployment of the policy structure. Here's what I mean: Let's say I want to break out the policies into multiple granular policies for custom exceptions. It would look something like this: 1) URL Filter Policy: "Vendor Safelist"Custom...

Resolved! Threat log spammed with "Non-RFC Compliant DNS Traffic on Port 53/5353"

A couple days ago, the threatvault added threat id 56505, and since then our threat log is getting spammed with the vulnerability type Non-RFC Compliant DNS Traffic on Port 53/5353 (informational). We use dnscrypt, and every single DNS request is now showing up in the threat log. First of all, is this a false positive? And if so, how do I preven...

Maxstr by L3 Networker
  • 32211 Views
  • 4 replies
  • 0 Likes

session_end_reason eq decrypt-error

I have a high number of sessions, for various webservers and clients, being closed due to decrypt-error. I've attempted to follow the tips from this document, but I'm still not clear on root cause: https://live.paloaltonetworks.com/t5/Configuration-Articles/PAN-OS-7-1-New-session-end-reasons/ta-p/73289 Need help identifying why sessions are endi...

AmyTyler by L2 Linker
  • 17513 Views
  • 6 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels