General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Validation Error for device and networks. Commit failed

We have deployed PA-VM (10.1) from Azure marketplace. We are in the process of getting the device registered.It is at its initial config i.e. only created two eth interfaces, 2 nat rules, 1 VR with two static routes and 1 policy allow all.However, we cannot commit this config. Getting error below.We have not used DHCP for the Eth interfaces.Only...

CommitError.PNG
MGMT settings.PNG

Resolved! DevSecOps

Hello,I am attempting to automatically download paloalto products into my software factory. What is available to do this?

Resolved! Phase 2 tunnel is not up

One of my clients configure the site to site tunnel from AWS to Palo alto device the phase 1 is able to up but the second phase is not up it is because we didn't enter the proxy id for or something else i should go for troubleshoot kindly help.

Query on IKEv2 Phase2 parameters

Hello, We are thinking of peering Cisco ISR G2 Router with PA-VM (deployed in Azure).In Cisco, ESP-AES-256 is used for Encryption and ESP-SHA-256 is used for Authentication.I can see that these two options are not available in PA-VM.In that case, what should we select in PA-VM so that we can create a site-to-site tunnel with the Cisco peer? Than...

Is your organization using a DevOps or DevSecOps model?

We could like to know if your organization using a DevOps or DevSecOps model, or are you trying to move to one? What has your experience been so far? Do you like it? Do you hate it? Things we can improve on? Please let us know your thoughts.

jdelio by L7 Applicator
  • 5294 Views
  • 2 replies
  • 2 Likes

How to reimport a csr via api

Anyone ever tried to import a csr back into config? I generated a csr on panorama the other day and then went to generate a certificate. (I did not commit at this time) when I came back with the csr response someone had reverted the config so my csr was goneI now have a config audit entry with some rest API information about the cert car, but ca...

reaper by Cyber Elite
  • 4626 Views
  • 5 replies
  • 0 Likes

What does these vaules in dp brdagent logs mean

2021-08-04 03:08:26.800 +0000 PORT4: board_port_autoneg_enabled -> board_port_autoneg, link: 0, mode: 12021-08-04 03:08:26.856 +0000 Port 1: DISABLE command received2021-08-04 03:08:26.856 +0000 PORT1: board_port_autoneg_enabled -> board_port_reset, link: 1, mode: 12021-08-04 03:08:26.858 +0000 Port 1: Down 1Gb/s-full duplex2021-08-04 03:0...

Palo Alto 10.0.6 5220 and 'show session all filter min-age'

Hello All, Just wondering if 'show session all filter min-age 4000000' displays relevant information. We have around 3200 sessions in session table at average, but when I am trying to look for long-lived or even stuck(?) connections number using command above, it shows me around 200 connections. But if I take one of those 'old' ones number and v...

VPN Site-2-Site both sides with dynamic IP

VPN Site-2-Site both sides with dynamic IP Good afternoon, first of all, thank you very much for your support and help.Is it possible to configure the following: Site 1: Palo Alto with Dynamic output to the Internet.( already have NAT configured on the modem/router/ADSL pointing to the Private WAN IP.Site 2: Palo Alto with Dynamic output to the ...

Metgatz by L4 Transporter
  • 3203 Views
  • 1 replies
  • 0 Likes

Resolved! Pulling in users directly from ADDS?

I have a requirement to pull in our users from Azure AD (or AADDS depending on the solution) into Prisma Cloud in order to create policy rules based on the source user/group but I'm unsure as to which method I would need to set this up? (Device\LDAP, Panorama\LDAP or Cloud Identity Engine - perhaps there's more than one way?!) We do not have a W...

cra1901 by L0 Member
  • 5706 Views
  • 6 replies
  • 0 Likes

Directing SMTP Traffic to VPN Tunnel

Hello Team, I am new to this kind of issue and need suggestions as I need to execute the same in my Organisation. I would like to know if we can direct the SMTP Traffic (Outlook Mails) to our IPsec VPN Tunnel without disturbing any other application traffic for users. If possible I need to establish this only for mails.

mkd1995 by L0 Member
  • 2800 Views
  • 2 replies
  • 0 Likes

CIS Control 13.5 - Unauthorized use of encryption

Looking for input on this one. From a Palo Alto perspective, what would be the best way to monitor for encrypted traffic in general? Need a way to make sure we're specifically able to point to traffic that was encrypted and provide a report or show that in a dashboard perhaps in our SIEM. Taking a first look from the ground up and looking for op...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels