General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

client certificate authentication fails even though machine has certificate.

One of my setup with client certificate authentication in gateway was working fine. For some reason, it gives me 'Required client certificate not found. Please contact your IT administrator' error. The certificate is available in the client machine certificate store and PanGPS.log shows it is able to identify the same. But After which it fails a...

Resolved! Is there a better way to block non-default app ports?

After parsing some logging I've discovered some trends in users utilizing non-standard ports for some App IDs and I want to prevent that. The first thing that comes to mind if to create a policy only allowing the app-default port, but the issue is currently this traffic is hitting a more general permit rule at the bottom of the policy stack. We ...

Rules that allow bittorrent

Guys,I need to figure out the rules that specifically allow BitTorrent traffic in Panorama.Method that I use is searching traffic logs with (app eq bittorrent) and (action eq allow) and exporting .csv and sorting the rules. Is there any other quick method that anyone use? Thanks

Dhawala by L0 Member
  • 2937 Views
  • 2 replies
  • 0 Likes

tracking bursty traffic with the firewall

Dear community! I´m seeing in the interfaces the "rcv_fifo_overrun" counter increasing quite a lot and I´d like to find out what´s the root cause. Is there a reliable way to verify in the firewall if the reason of this counter to increase is some bursty traffic or anything else? Thank you!

Carracido by L4 Transporter
  • 2813 Views
  • 2 replies
  • 0 Likes

Palo Alto Management Interface Inbound Discards

Starting in either PAN-OS 8.1.x or 9.0.x we have noticed that SNMP is reporting inbound discards on all of our Palo Alto management interfaces in our monitoring solutions. It seems to be be specific only to the management interface as other physical interfaces of the device are not reporting issues. Has anyone here experienced this? I'm looki...

GCP Miner

Has anyone found a list/feed for GCP that actually contains zone information? Has anyone created a miner with such feed?

JDomNY by L1 Bithead
  • 2967 Views
  • 1 replies
  • 0 Likes

procedure to clear logs of M200 disk-pair

M200 is in HA with local log collector configured on both panorama and log redundancy enabled. We want to disable redundancy to gain additional space for logging. We want to clear logs of Secondary Panorama M200 disk-pairs and use it for logging from scratch. No procedure found in Panorama Admin guide.Please suggest best way to clear the stored ...

Deepak25 by L3 Networker
  • 3725 Views
  • 3 replies
  • 0 Likes

Resolved! Does Global Protect VPN has Two-Factor Authentication - Looking at VM-100/300 virtual PA and Physical PA-820

Team, Customer is looking for Multi-Factor authentication for VPN client, currently they have GlobalProtect, but they need to enable MFA for remote users, does Palo Alto has any feature or solution to achieve this? Need to check if both VM-Series and Physical has built-in MFA for remote VPN users (Global Protect) VM-100/300 virtual PA and Physi...

Connecting 3rd-Party VPN Device to PA-3220

Hi. Wanted to ask for opinions, suggestions, and experience on this. We have a Cisco ASA VPN Device from our vendor and we'll need to connect this to our PA-3220 FW. So basically, Internet --> PA3220 ---> ASA VPN --> LAN. This ASA will be inside our network and NOT remote. I would like to know if there is a way to connect this and make ...

Mitel decrypt error

Hi all,we have a open ticket with TAC, but wanted to ask if anyone's seen this, we're in the testing phase of it, and one of the phone's traffic shows up in the logs as decrypt error in the end result, so that phone is not able to login to the mitel portal, tac also disabled the user-id policy to narrow it down(I have tried to add a app override...

cdcirexx by L3 Networker
  • 7797 Views
  • 8 replies
  • 0 Likes

AWS x PAN 2 tunnels PBF backhaul internet static routes?

Anyone run into this before? I have 2 x AWS tunnels (No BGP) and I want failover to occur and I want to backhaul internet traffic from AWS out through the PAN. I have connectivity between AWS and on-prem with no static routes configured. However, if I try to backhaul internet traffic from AWS across the s2s vpn tunnel (attached to TGW) it fai...

drewdown by L4 Transporter
  • 5760 Views
  • 6 replies
  • 0 Likes

User not able to access one site

Not able to access the site is on another location I can ping the site it's responding I check session-id packet capture nothing was found.I create a policy for that user without any restriction still not able to access the site. In monitor its shows the application no sync TCP I did the zone protection thing from kb Paloalto article still no l...

Does Active-Active HA supports more users?

Hi Guys,My company bought a PA firewall a few months back. At that time we had around 85 users and PA technical person suggested that it will handle up to 100 users in our environment. Now, we have around 70 more people who joined our company, so total employees will be around 160. Now I have few questions -1) If we buy one more firewall (same m...

Satyam by L1 Bithead
  • 3045 Views
  • 2 replies
  • 0 Likes

Resolved! Threat ID 35823 is exempted then also it is blocking the traffic

Hi, HTTP SQL Injection Attempt threat id: 35823. we have exempted this threat id but it is blocking the traffic. on the traffic log, the session end reason is showing threat and in the threat log, it is showing reset-both. Want to know why it is still blocking and how can I troubleshoot this further.

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels