General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! How to view the "others" in ACC Network Activity Source IP Activity

For the screen cap below I filtered the destination IP to one particular server. This Source IP Network Activity widget is showing me the first 10 IPs thattalked to it. But then all the other sessions are summarized as "others". I want to know all the IPs and to then export that information. Clickingon "others" doesn't seem to do the trick. If I...

MichaelMedwid_0-1636505380395.png

Resolved! Active Directory Users & Computers Latency with GlobalProtect

Hello Allanyone still experiencing high latency with ADUC, i tried several version of globalprotect, including the recent one 5.2.3-22, it takes me 5 to 10 min to search/display in AD users and computers. this issue keeps happening and did not see any concrete resolution from Palo Alto.the only version from what i tried which does not have this ...

Resolved! GlobalProtect client frequently disconnects with "Received a virtual interface packet with fragment"

I am experiencing frequent disconnect events which typically last 30-90 seconds and occur about 2-3x an hour during the work day. When a disconnect event happens, all connectivity is lost from the user's point of view, however the GlobalProtect client remains "connected". When these events occur, the PanGPS.log file shows the following: (T10852)...

millerh1 by L1 Bithead
  • 18626 Views
  • 12 replies
  • 0 Likes

Local policy to panorama

Hi, We have a customer using panorama to manage few clusters. For one of the location , they have just added the firewall to panorama . So we have to load the firewall to panorama and then it shows the local config like policy nat etc It is same like going directly to firewall and do the changes locally. Now customer want to make use if device g...

Resolved! PanOS 9 DHCP server and option 82

Hi, I am trying to figure out a way to use Palo firewall as a DHCP server for a network. The problem is that the DHCP discover/request comes with option 82 and I need the firewall to lease an IP and include option 82 with its original value.I am running anycast so option 82 is telling my routers where to forward the lease from the DHCP server. I...

PhilipV by L0 Member
  • 5539 Views
  • 2 replies
  • 0 Likes

Testing during Palo Alto 3000 cluster upgrade from 8.1.15-h3 to 9.1.11

Hello, I would like to know if an upgrade that traverses multiple major versions requires testing after an upgrade to each major version? Our upgrade path is: 8.1.15-h3 -> 8.1.20 -> 9.0 -> 9.0.14 -> 9.1 -> 9.1.11 Ideally, we would only upgrade one appliance in the cluster all the way to 9.1.11, though I know this is not recommend...

landoa by L1 Bithead
  • 3848 Views
  • 4 replies
  • 0 Likes

PA L2 interface ARP problem

Hi, I have a PA with two switches connected to the PA via L2 interface, in trunk. The same switches have a trunk between them. PA---SW1| |SW2--| So far so good, STP works and the network is stable. If one of the links between switch and PA falls (exemple PA to SW1) everything works too, all the traffic is redirect to PA via SW2, but as ...

DiogoFG by L0 Member
  • 4209 Views
  • 3 replies
  • 0 Likes

QOS on tunnel interface

Hello Bro, We are in process to configure QOS rules to control SMB over VPN.The tunnel interface can't be set as a destination interface, does that mean to use the interface that serving the tunnel?if I use the interface as the destination interface I receive error states that "destinaton interface must be a subif".SSL VPN configur...

PA3020 Replacement

I am planning to replace my HA pair of 3020 with PA-460s...what are you thoughts on this? I feel like the 460s are for branch offices and not data center although the specs are better or similar to 3020...they don't support LACP and they don't have dedicated HA ports...thoughts?PA-4605.2/4.7 Gbps firewall throughput (HTTP/appmix)2.4/2.6 Gbps thr...

Anees10 by L1 Bithead
  • 8651 Views
  • 7 replies
  • 0 Likes

Resolved! Terminal Server agent internet not working

Hi Team, We have configured the terminal server agent and tested it out for few agents and it was successful. But, for the same user's internet was not working some times. Agents version is the latest version. Have checked the source port allocation and their count is not exceeded. But still, somewhere it's misbehaving in mapping the IP-user-por...

VishnuPS by L3 Networker
  • 7149 Views
  • 8 replies
  • 0 Likes

Resolved! How to identified the APP on APP ID

Hello, I would like to know how to identified the application of the paloalto APP ID. When this application is using the ssl encryption, how this PA identified the APP name?

PA-3020 - Error: Threat database handler failed - Commit failed

Hello,We have a PA-3020 running FW 7.1.24 on an end of life infrastructure to be shutdown by the end of year. This PA-3020 has no longer any subscriptions/support. We are in need to enable a Security Policy for a few hours and found we can't commit due to the Threat Database Handler failed message.I see several posts and KB Articles regarding th...

tir7436 by L0 Member
  • 2634 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels