General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Panorama - Template objects not shared by firewall cluster

I added an existing firewall Active/Active Cluster with multiple Vsys into Panorama Before the integration, some Device objects like "certificates" or "Local user database" were shared by the firewalls member of the cluster. Now I need to create the objects twice times in each template of the firewalls. Is it possible to manage it like before a...

User-ID Windows agent failing to query

Beginning sometime last week (possibly on 12/26) our Windows-based User-ID agent stopped being able to query our DCs for user-to-IP mappings. The PA shows 1000s of request for IP mappings msgs with little to no response msgs from the agent. The agent server debug log shows a long queue of pending lookups with occasional WMI/Netbios access errors...

Home Decryption on a PA-220.

I have a PA-220 at home and want to use it to obviously protect my home, but also to help prevent my children from accessing things I feel inappropriate. Obviously with encrypted traffic from things like gaming consoles and phones this is harder to do and decryption is required. My question is, what is the best way to implement decryption on t...

Upgraded from v9 to v10 and SNMP traffic statistics...

Hi,Recently we upgraded our VM-100 fw from v9 to v10 and apart from the yellow login wallpaper there was not much visual changes after the transition. Everything is running as smoothly as before, except an issue with SNMP traffic statistics. We extract interface traffic statistics from our VM-100 via SNMP to a Cacti OVA appliance so we easily c...

Not able to access an website via Palo Alto firewall

Hi Folks, We are recently receiving multiple cases where the devices behind the PA firewall is not able to access certain websites. In an recent case we had seen for two devices (Device A and Device B in different VLAN's ) located behind Palo Alto firewall from device A we are able to access the website but from device B we are not able to acces...

tamilvanan_0-1640963144717.jpeg
tamilvanan_1-1640963230501.jpeg

Resolved! Hit count cannot increase after NAT

Hi U-turn nat is configured for trust user to ping server located at DMZ. After the user ping the server from trust zone to dmz zone, the security policy count increases, but nat policy count does not increase. Is this normal? if not, why it happen? thank you

DavidyPalo_0-1640898101134.png
DavidyPalo_1-1640898440563.png

Communication between 2 network segment

Hello,I have a PA-220 firewall. There is a normal switch connected on ethernet 1/4. The switch is connected to the equipments of 2 network segments, 10.1.240. * and 192.168.5. * . These equipments need to communication now. But I can't change their IP. Can I do this through the port settings of the firewall?My idea is to add a new sub port to et...

1.png
2.png
3.png

Resolved! PAN OS upgrade from 8.1.15 to 9.1.12-h3

Hi, My client is planning to upgrade their Panorama and PA5220 (x4) current PAN OS v8.1.15 to 9.1.12-h3.Panorama > PA5220 x2 (HA) > PA5220 x2 (HA) Just want a second opinion of below upgrade path is correct or not, and other pre-cautionary advise. 1. download 9.02. download and install and reboot 9.0.14-h33. download 9.1....

Script to automate the baseline configuration after initial palo alto deployment

Hello Guys, I have prepared the "SET" commands which configure the baseline settings. I can able to run the full set command from CLI. I would like to know any options where I can run these command from a Linux machine where the system take the commands from the local script and loginto the palo alto and execute the commands. Also need to print ...

SPG by L0 Member
  • 7378 Views
  • 5 replies
  • 0 Likes

SSL Decryption and Forward decrypted content to WildFire Query

Hi Team, I have below 2 tasks which needs to be closed from PaloAlto Level. Appreciate your quick response. Task 1 "1.Configure SSL Forward Proxy for all traffic destined to the Internet" As per the Best Practices we have to enable ssl Decryption for Internet Traffic for that we have to push Certificate to Domain users but My case we have ...

Global Protect is constantly causing network errors.

Since November I have been experiencing issues with Global Protect VPN not connecting properly. Global Protect either causes a slow down in my internet or my local internet to go out with a bunch of "DNS error" or "Network Change" error or "Network not found" errors (Remote Desktop specifically) Has anyone else ever experienced this problem bef...

Resolved! Viewing BGP traffic logs

We have BGP setup between our core switches and out Palo Alto FWs but I never see any traffic logs for port 179 or application BGP on the Palo Altos. How do I go about seeing this traffic ?

iqbal786 by L0 Member
  • 13872 Views
  • 2 replies
  • 0 Likes

Sort feature would be helpful

I'm fairly new to Palo Alto gear and wanted to submit a suggestion about adding a sort capability to the information presented in the various tabs/pages. Just a few examples on the benefits of being able to sort: Trying to find that one rule where you know the name of it, but can't quickly spot it because you can't sort the name of the rules alp...

  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels