General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Issues GP in Iphones

On iPhone, the gw for SAML authentication does not open the system browser (Safari). It opens the embedded browser. We configured the "default browser" in APP config like YES. In android is working fine but no in iPhones. Why? any incompatibility? On the other hand, we have a gateway using only certificate for authentication. In android is l...

BigPalo by L4 Transporter
  • 2042 Views
  • 6 replies
  • 0 Likes

we have High Severity tickets for ALERT: Warning - AAA - [Free Disk Space

/opt/traps below servers’ issue [root@usaz15ls128 ~]# df -h /optFilesystem Size Used Avail Use% Mounted on/dev/mapper/vgRoot-lvOpt 6.0G 6.0G 20K 100% /opt[root@usaz15ls128 ~]# du -sh /opt/traps/5.7G /opt/traps/[root@usaz15ls128 ~]#[root@usaz15ls132 ~]# df -h /optFilesystem Size Used Avail Use% Mounted on/dev/mapper/vgRoot-lvOpt 6.0G 6.0G 20K 1...

A.Anam by L0 Member
  • 807 Views
  • 2 replies
  • 0 Likes

Policy processing order

I have a question about how policies are processed; specifically NAT vs Security Policy. We have a NAT policy that performs destination NAT to translate all traffic to port 53 to be translated to our corporate DNS servers. We have a security policy for DNS that permits outbound access to only our corporate DNS servers. All other DNS destina...

jwill2 by L2 Linker
  • 1009 Views
  • 1 replies
  • 0 Likes

Problem with the DuckDNS certificate for the DDNS service.

Hi,I'm having an issue with Palo Alto and DDNS — specifically with DuckDNS. Everything had been working fine for the past two years, but for about a month now, Palo Alto is showing an SSL certificate error.The exact error message is: Server response: Peer certificate cannot be authenticated with given CA certificates I’m not sure which certifica...

A.Kuszaj by L0 Member
  • 1904 Views
  • 2 replies
  • 0 Likes

EDL server certificate authentication failed. A local copy of associated external dynamic list will be used

I'm receiving this error from our firewall every 2 minutes, I can't figure out what the cause is. The reason says "self signed certificate in certificate chain" but I don't know what self signed cert it is talking about. This has been working for years now, the cert selected on the firewall is the GoDaddy root from https://certs.godaddy.com/repo...

Unable to HTTPS or SSH into new out of the box PA440

Had a new PA440 delivered to a remote location. I am able to ping the device (192.168.1.1) but am not able to HTTPS or SSH into it. Assuming that my IT person at the remote location has the device plugged into the MGT port and in the switch, which since I ping it I am assuming that is the case I am not sure why I can not get in at least with SSH...

dahoove by L1 Bithead
  • 9150 Views
  • 9 replies
  • 0 Likes

Error generating a new certificate

Hi, we are trying to generate a new elf-signed certificate in Panorama and we receive this error: Failed to insert certificate into configuration. Failed to find beginning of certificate. Make sure certificate starts with BEGIN CERTIFICATE tag. This is the certificate and the error: Why are we receiving this error?

cert1.JPG
cert2.JPG
BigPalo by L4 Transporter
  • 19955 Views
  • 16 replies
  • 0 Likes

Firewall Traffic flagged as unknown-tcp using port 31200

Hello, Seeing some traffic for Unknown-tcp using port 31200. I'm in the process of refining our firewall rules to be more granular and for this current rule has an any app on any service applied with no restrictions. Trying to see what I can create for this particular traffic in a separate rule. Is there a way to determine what this is exactly? ...

Join Us For a Fuel Workshop on GlobalProtect Troubleshooting Techniques (APAC Region Sept 17-18)

Fuel Workshop on GlobalProtect Troubleshooting Techniques Welcome to the next in our series of Fuel Workshops where will be covering troubleshooting techniques for GlobalProtect. Over the next two days, we will be learning a number of items related to supporting as well as best practices around how to build a proper GlobalProtect environment...

emgarcia by Community Team Member
  • 2889 Views
  • 3 replies
  • 4 Likes

random-drop vs drop - zone protection

For TCP flood logs should only show "random-drop" with RED configured."drop" for TCP flood is this coming from options set under "TCP Drop" options under Packet Based Attack Protection.

image.png
raji_toor by L4 Transporter
  • 11515 Views
  • 11 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels