General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

we have High Severity tickets for ALERT: Warning - AAA - [Free Disk Space

/opt/traps below servers’ issue [root@usaz15ls128 ~]# df -h /optFilesystem Size Used Avail Use% Mounted on/dev/mapper/vgRoot-lvOpt 6.0G 6.0G 20K 100% /opt[root@usaz15ls128 ~]# du -sh /opt/traps/5.7G /opt/traps/[root@usaz15ls128 ~]#[root@usaz15ls132 ~]# df -h /optFilesystem Size Used Avail Use% Mounted on/dev/mapper/vgRoot-lvOpt 6.0G 6.0G 20K 1...

A.Anam by L0 Member
  • 807 Views
  • 2 replies
  • 0 Likes

Policy processing order

I have a question about how policies are processed; specifically NAT vs Security Policy. We have a NAT policy that performs destination NAT to translate all traffic to port 53 to be translated to our corporate DNS servers. We have a security policy for DNS that permits outbound access to only our corporate DNS servers. All other DNS destina...

jwill2 by L2 Linker
  • 1008 Views
  • 1 replies
  • 0 Likes

Problem with the DuckDNS certificate for the DDNS service.

Hi,I'm having an issue with Palo Alto and DDNS — specifically with DuckDNS. Everything had been working fine for the past two years, but for about a month now, Palo Alto is showing an SSL certificate error.The exact error message is: Server response: Peer certificate cannot be authenticated with given CA certificates I’m not sure which certifica...

A.Kuszaj by L0 Member
  • 1904 Views
  • 2 replies
  • 0 Likes

EDL server certificate authentication failed. A local copy of associated external dynamic list will be used

I'm receiving this error from our firewall every 2 minutes, I can't figure out what the cause is. The reason says "self signed certificate in certificate chain" but I don't know what self signed cert it is talking about. This has been working for years now, the cert selected on the firewall is the GoDaddy root from https://certs.godaddy.com/repo...

Unable to HTTPS or SSH into new out of the box PA440

Had a new PA440 delivered to a remote location. I am able to ping the device (192.168.1.1) but am not able to HTTPS or SSH into it. Assuming that my IT person at the remote location has the device plugged into the MGT port and in the switch, which since I ping it I am assuming that is the case I am not sure why I can not get in at least with SSH...

dahoove by L1 Bithead
  • 9150 Views
  • 9 replies
  • 0 Likes

Error generating a new certificate

Hi, we are trying to generate a new elf-signed certificate in Panorama and we receive this error: Failed to insert certificate into configuration. Failed to find beginning of certificate. Make sure certificate starts with BEGIN CERTIFICATE tag. This is the certificate and the error: Why are we receiving this error?

cert1.JPG
cert2.JPG
BigPalo by L4 Transporter
  • 19955 Views
  • 16 replies
  • 0 Likes

Firewall Traffic flagged as unknown-tcp using port 31200

Hello, Seeing some traffic for Unknown-tcp using port 31200. I'm in the process of refining our firewall rules to be more granular and for this current rule has an any app on any service applied with no restrictions. Trying to see what I can create for this particular traffic in a separate rule. Is there a way to determine what this is exactly? ...

Join Us For a Fuel Workshop on GlobalProtect Troubleshooting Techniques (APAC Region Sept 17-18)

Fuel Workshop on GlobalProtect Troubleshooting Techniques Welcome to the next in our series of Fuel Workshops where will be covering troubleshooting techniques for GlobalProtect. Over the next two days, we will be learning a number of items related to supporting as well as best practices around how to build a proper GlobalProtect environment...

emgarcia by Community Team Member
  • 2886 Views
  • 3 replies
  • 4 Likes

random-drop vs drop - zone protection

For TCP flood logs should only show "random-drop" with RED configured."drop" for TCP flood is this coming from options set under "TCP Drop" options under Packet Based Attack Protection.

image.png
raji_toor by L4 Transporter
  • 11515 Views
  • 11 replies
  • 0 Likes

Resolved! Palo Alto PAN-OS Adv threat and AV Update scheduling

Hi, Newish to Palo Alto and learning about the automatic download and updates and watching the training videos. If I set the PA to check every 24hours and come back a week later and can see a list of Updates. Do I need to download all of updates, or by clicking the latest one to download, is the firewall clever enough to know it needs to downloa...

M.Gannon by L1 Bithead
  • 1265 Views
  • 1 replies
  • 0 Likes
  • 24395 Posts
  • 123 Subscriptions
Top Solution Authors
Labels