General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Layer 2 vlan subinterface restriction?

HelloI am using PA VM-50 and wonder if there is any restriction on the number of Layer 2 subinterfaces that I can create under 1 interface. I have more than 50 vlan subinterfaces created and the one I have added recently does not seem to pass traffic. Thanks

Workstations no internet after receive IP from firewall DHCP Server

Hi,We have a PaloAlto firewall which is connected to a Cisco switch and on this Cisco swtich an AP is connected.On the firewall I use ethernet 1/2 port to handle the free wifi clients. This port is in Layer 3 mode.This port is connected with the Cisco switch. The port on the Cisco switch is configured in access mode and in vlan 5.On my AP I set ...

ZEBIT by L3 Networker
  • 5350 Views
  • 3 replies
  • 0 Likes

Resolved! Firewall upgrades guidance

Hello we have a customer with central location acting as Datacenter with PA 3000 series. The panorama also stays in same DC. All the other locations worldwide are connected to central DC over IPSEC tunnels. Most of the firewalls running at remote sites are having 8.x version. We want to upgrade all of them to 10.x . I checked hardware wise all m...

Resolved! high CPU (management plane) after enabling ECMP

Hello We have an active/passive cluster (PA-820) which we use for IPSec tunnels (with 30 different partners).One of the partners insisted on having a redundant connection using two IPSec tunnels with different peers. So we came up with the idea of enabling ECMP. Based on the routing table, this looks fine (same destination network listed twice, ...

Resolved! GlobalProtect monitoring

I need to graph GlobalProtect current users + traffic via SNMP. I cannot find anything in SNMPwalk or in the available MIBs.I looked through some older discussions but it seems there is no immediate answer. Any update?Thanks

Routing issues when using NAT over VPN

I'm looking at this document. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClipCACIt says our selected NAT addresses (2.2.2.0/24 on PA-2020 in this case) need to be routed to a tunnel interface, in order for policy lookup to work. Let's imagine I'm using 2.2.2.0/24 on the PA-2020 for NAT'ing traffic not only towards...

mathiasj by L1 Bithead
  • 2441 Views
  • 2 replies
  • 0 Likes

Customer Support Portal Inquiry: devices in assets under customer profile does not show the updated PANOS version.

Customer updated all devices to latest PANOS version after receiving the email for CVE-2021-3064. However, the PANOS versions for the devices are still showing the older version (8.1.6) in the customer support view. Customer can open each devices and change the PANOS version manually. Cx asks, Shouldn't It update the PANOS version on this view b...

assets-devices.JPG
morahman by L1 Bithead
  • 2122 Views
  • 1 replies
  • 0 Likes

Session end reason threat traffic allow

Hi Everyone we got the problem for session end reason “threat”, cause we detected the coin miner traffic through firewall and transmission to internet, even we saw the session end reason already hit to threat when the spyware traffic initially and threat log show result to drop for same session, but the traffic seems like still pass through t...

Resolved! PA220 upgrade to 10.0.x

hello we have a customer with PA220 runing 8.1.8 and they want to upgrade to 10.0.8 I know 10.0 is supported on PA220 but is there any performance issue on PA220 for panOS 10.0.X LIKE slowness etc ? Any guidelines if is it worth to upgrade to 10.0.X for PA 220?

Prevent Globalprotect from connecting when user on internal network

We want to prevent Globalprotect from connecting when user is on the internal network. We have the client set to manual connect/disconnect but users can be stupid and connect anyway.We don't have an internal gateway, and dont want any ssl tunnel when user is on internal network.We tried putting in an ip address of a reachable lan server in the ...

Resolved! lines under object name

Hello, community Recently I've seen some object names with a line (check the attached image). Is there anyone that could help understand why this happening? What does it means? Best Regards,MrBraz

PA-img.PNG
MrBraz by L0 Member
  • 2663 Views
  • 1 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels