General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 350 Views
  • 0 replies
  • 0 Likes

Wrong HIP match

Dear All,

issue:

 

I have the firewall 5220 with PAN-OS 10.0.3 and I am facing an below issue:-

As GlobalProtect 5.2.6 is released with support for OPSWAT v4 only while OPSWAT v3 is discontinued starting from 5.2.6, I tried to test it on a few machines.

 

...

Jafar_Hussain_0-1620221429240.png
Jafar_Hussain_1-1620221429270.png
Jafar_Hussain_2-1620221429286.png
Jafar_Hussain_3-1620221429307.png

Resolved! Captive Portal Redirect Issue

Hello!  Quick question:

I have captive portal set up for one zone and it works well, where my captive portal "redirect host" ip is in the same zone/subnet as my users who need to authenticate.  But I'm needing to expand this so that users from several

...

Prevent OSPF routing loops - Area 0

Hello,

 

We have a PA5050 with a couple of VRs.  

VR1 is the main VR with interfaces into the main customer networks, internet access and a 3rd party link

VR2 is for GlobalProtect clients and a separate internet link for the GlobalProtect Portals/Gateway

...

gcampbe9 by L0 Member
  • 2291 Views
  • 1 replies
  • 0 Likes

GlobalProtect: Existing user session..?

Hi all..  I'm sure this will be a simple question to answer, but I can't find any explanation. In the following snip from our GlobalProtect traffic log on a PA200:

12/23/2014 17:142/23/2014 17:14GlobalProtect gateway user login succeeded. Login from: ...

thatguy by L2 Linker
  • 8663 Views
  • 3 replies
  • 0 Likes

Understand App_overrride

Hi,

 

We did a change from another vendor to PA. We realise that backups (vmware) were transferring very slow. So we created a app_override in order to avoid L7 in this VMware traffic. After that the spped for backpus got better.

So i have several qesti

...

BigPalo by L4 Transporter
  • 3170 Views
  • 7 replies
  • 0 Likes

Resolved! ssl inbound inspection

Hi community,

 

Will PA support inbound ispection if key exchnge mechanism is DHE/ECDHE ?.

i hope PA wont be proxying inbound SSL connection. whether PA changed this behaviour from any versions?

is there is a way to configure PA as proxy( we have server

...

Google Earth (Pro) and SSL Decrypt

Anybody figured out a the magic combo to get Google Earth (Pro) not to warn on startup with SSL Decrypt?  Before you ask "yes" SSL decrypt is working no errors or warnings in browsers (i.e. CA's in trust store) and yes I thought about the ICA issue a

...

PeterT by L2 Linker
  • 3624 Views
  • 2 replies
  • 0 Likes

Host with sinkhole action, what to do ?

Hello Bro,

              We have subscribed to the Palo alto DNS-Security feature and we have it applied now.

after few days, I have a dynamic object now with many host has been sinkholed for contacting a malicious domains.

Many Domains contacted, what

...

Resolved! DNAT with different external port to different internal port.

Hello, how are you all, I hope you are well.

I would like to do the following:

 

In Fortinet is the following possible, DNAT, with Public IP example:
198.10.100.100:8081 ( alternate port ) ---DNAT-Mapping---Private IP destination 192.168.100.100:80 ( Por

...

Metgatz by L4 Transporter
  • 4625 Views
  • 6 replies
  • 0 Likes

Resolved! PAN-OS 10.5 WiFi HotSpot

Hello World,

 

I am simply attempting to setup a portal to where my guest are able to accept the terms of service in order to access the internet. 

 

Is this possible with Palo Alto? I've done this on other vendor platforms and it wasn't rocket scien

...

LED's on startup

Recently migrate to a pair of 3200 series firewalls. Everything was fine and dandy until we powered them down to migrate to the correct rack. Once we powered them up, one came up fine, but the other has a green power light and nothing else. the fans

...

firewall configuration

 

1. What source IP address/es are configured to successfully connect to the exchange destination IP address:
2. If one or more source IP addresses will not be able to successfully establish a connection please explain why:
3. What destination IP addres
...

Capture.JPG
  • 23830 Posts
  • 112 Subscriptions
Top Liked Authors
Labels