General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! How Palo alto HA and Cisco HSRP work together ?

How Palo alto HA and Cisco HSRP work together ? For example ===========Here Palo alto HA is upstream devices ( lets consider PA1 and PA2 are in HA setup). Cisco Switches are catalyst 6509 or nexus 5 or 6K ( SW1 and SW2)SW1 is connected to PA 1 and SW2 is connected to PA2 in SW1 and SW2 HSRP is configured to maintain gateway high availability for...

perumalj by L2 Linker
  • 9865 Views
  • 4 replies
  • 0 Likes

Physical connections to vSphere cluster for VM-200

Hey folks, Can someone point me to a "best practice" design guide or white paper for making the physical connections to a vSphere cluster that will run a VM-200 virtual appliance? I'm only seeing configuration guides on deploying and setting up the VM on a vSphere host but nothing on how best to make the physical connections to the hosts-espe...

markdean by L0 Member
  • 2306 Views
  • 1 replies
  • 0 Likes

2 subnets on the same interface

We current have 1 subnet linked to an layer 3 interface which is supplied by our isp. We have run out of ip addresses and our isp want to present another subnet but on a completely different range. (too many services to move to a new range)Is it just a case of adding an ip address from the new subnet to the current interface so there will be 2 g...

Resolved! API key too long

Hello all, I am using the guide below to clear out UDP sessions after a PBF failover. When I get to the part about the key parameter under Payload Format, it says the value is too long. I am copying the exact key I generated from the web browser. The key generated is 132 characters, but it says the max length is only 128 characters. The fire...

ClintL by L2 Linker
  • 4108 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama with log collectors

Here is the set up. Palo FW HA pairs send logs to Panorama and Log Collectors. Log Collectors send logs to long term archival (LTA) such as LogRhythm. Here is the issue, long term storage is not seeing the latest logs. I guess what I don't understand is the timing. When/how often are logs sent from the FW's to Panorama/Loggers and then when/...

Resolved! Releasing and reassigning VM-50 pa-vm license key

purchase a VM-50 lab bundle last year. pa-vm license was "perpetual", while the other components were 1YR subscriptions. Subscription expired on 7 October 2021.the previously licensed was "destroyed" ☹️ before it could be properly deactivated. I am looking for advice on how i can get PA Support to make the change that would permit me to acti...

MAAXIT by L1 Bithead
  • 3900 Views
  • 3 replies
  • 0 Likes

Best practices - Schedule - allow and block Traffic

Greetings (apologies in advance if this is a bit long) Could i have some advice on what would be considered best practice for allowing and blocking certain traffic at certain times. As a school (K-12) that has Day Scholars, boarder Scholars, live in staff and different privilege's for different aged scholars, i need some advice on the best way t...

Real Time Traffic on PA Interface

Hi All, I am stucked with very basic requirement on Palo-alto firewall. Would like to know how to check the traffic statistics on PA Interfaces as requirement is to check the current live traffic on specific Interface. Followed some articles available on Internet. But none of them are correct or useful. They referring to Network -> QoS fo...

Jimmy20 by L2 Linker
  • 3915 Views
  • 1 replies
  • 0 Likes

DHCP relay issue

Hello all, I have an issue with the DHCP. I have DHCP relay configured on the device (PA820), remote windows server, connectivity and policy permitting DHCP traffic.The problem is that the traffic is sill dropped by the FW, classified as not applicable. Can someone advice ? Thank you in advance!

Screenshot 2021-11-25 at 11.56.38.png
Screenshot 2021-11-25 at 11.58.01.png
stef by L2 Linker
  • 8209 Views
  • 2 replies
  • 0 Likes

Error on generating system logs

i just upgraded to 9.1.11 from 9.1.10 and i get a pop up message saying "Error on generating system logs" but the logs shows up fine and updatedis this a bug ? there isn't an error in the system monitor and i checked the known issues but it wasn't in them

perr.png
LAS by L2 Linker
  • 37006 Views
  • 33 replies
  • 3 Likes

DNS Proxy technical details?

I am checking out DNS proxy as a possible use case. We have a requirement to log DNS requests that include the true source info. We have a few environments with wireless clients that will not otherwise have our normal agents or tools installed in order to get DNS info. If it goes through the firewall for DNS proxy, where are the logs tied to the...

External ping to public ip of secondary ISP interface.

I am having issues allowing pings on my secondary ISP interface. I have a dual ISP set up with my main connection a 10gbit connection with ISP1 and a backup 1gbit with ISP2. I am currently using path monitoring for internet failover and I also have a few PBF rules for some traffic to leave through ISP2. I was asked by ISP2 to allow ICMP for thei...

Dyardley by L0 Member
  • 5222 Views
  • 2 replies
  • 0 Likes

Resolved! URL filtering feature in PA 3220

Hi All, I would really appreciate if someone can let me know whether URL filtering feature is enabled by default in PA 3220 or Pan OS 10 or a subscription for URL filtering have to be purchased. Is there any default URL filtering features available in Pan OS 10? Really appreciate your comments. Thank you,Gayan Samarakoon

How to shun/block an IP address for a period of time

I've worked with several traditional IPS in the past and there is always a way to create rules that shun or block a source IP address for some period before automatically resetting. It is especially useful for stopping automated bots that are just probing for flaws across the Internet.Specifically, I'd like to create a rule that will monitor fo...

njoyzrd by L1 Bithead
  • 10645 Views
  • 4 replies
  • 1 Likes

PAN-171203 issue and latest 9.0.x releases

Hello everybody, as all you know, yesterday (or today, in US) were released updates to all PAN-OS versions addressing some issues, but I really have trouble with the PAN-171203 one. As per the PAN-OS 9.0.14-h3 Addressed Issues page (https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-release-notes/pan-os-9-0-addressed-issues/pan-os-9-0-14-h3-a...

grenzi by L3 Networker
  • 3337 Views
  • 2 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels