General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Redundancy for Global protect VPN

Dear Friends, We have a customer who is Currently configured with GP- Global Protect for VPN is connecting with ISP-1, one Public IP / One ISP-Internet Service Provider. Requirement is, can we configure as backup or as redundant with another ISP-2 ? Purpose : Once One ISP is down, then GP- Global Protect users will not disconnect from remote...

Resolved! Undetected APP dependency?

Hi. So we ran into an issue and we're not sure if there's a missing app dependency in the Palo Alto db or if we're missing something. What happened was, we migrated one Policy from port to APP-based. On the Apps seen it only had one detected app (let's call it app1) with no new apps seen for a long time. This rule is being hit regularly by tr...

mR00t_s5 by L2 Linker
  • 1594 Views
  • 2 replies
  • 0 Likes

Migrate Fortinet to palo alto

Hello, We are planning to migrate from a Fortinet firewall to a Palo Alto Networks firewall. As this is my first time handling such a migration, I would greatly appreciate guidance from an expert on the step-by-step actions required. NGFW

Resolved! HA active/active dual ISP load balancing

Hi all, I am considering network design that have: - Dual ISP (public IP /29 for each) - 2 x PA with active/active HA - PA connects directly to L2 networks (LAN) Requires: Load sharing between 2 ISP Internet links Problems: Is it possible to configure separated nat for each? How session can failover to remaining PA? Do I need Floating IP for...

nw-rogox by L0 Member
  • 8331 Views
  • 4 replies
  • 0 Likes

Resolved! Is the Cloud Identity Engine required for filtering by Group when using Entra without LDAP?

I feel like I've read every document on this forum but I can't seem to find a solid answer to this question. I'm sure someone will link 4 other posts..... 🤦‍♂️ I am using SAML Auth to Entra for GlobalProtect. I can auth to the Portal if I specify the user directly (using domain.com\username - [email protected] does not work). I can also ...

KSaucier_0-1748887583212.png

Shutting down/disabling subinterfaces

I am very new to the PANOS world so I will apologize in advance if this is obvious, however my search of documentation and knowledebase did not yield anything. I have been looking for a way to administratively shut down sub interfaces. Is this possible? While it's easy enough to shutdown a physical interface by assigning it's link-state we're no...

scourge by Not applicable
  • 35889 Views
  • 15 replies
  • 0 Likes

Join RQL query throwing Failed to execute RQL search . Illegal Argument

Hello team, I am trying to execute the below join query in achieve the below output- 1. Only Service accounts that has have elevated roles (e.g., roles/owner, roles/editor) 2. Service accounts that have atleast one user-managed key config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-projects-get-iam-user' AND json.rule =...

Thoughts and experience with the Prisma secure browser

Hello Community, I'm looking for general feedback on those who have or had used the secure browser for DLP. Things that work well, things that didnt, etc. Just looking for non sales honesty on it. The purpose of its use would be to use the DLP feature when users utilize AI prompts etc. To help prevent PII or PHI leakage. Thanks in advance!

Resolved! Clone a Device Group?

Hi Guys, I have Panorama with a few device groups; how do I clone one of them from GUI so I can do testing without impacting a production device group? Thanks

tinhnho by L3 Networker
  • 11348 Views
  • 5 replies
  • 0 Likes

Resolved! PA-200 Stuck in Maintenance Mode, attempting factory reset

I'm attempting to factory reset a PA 200 that was on the spares shelf. The unit appears to be stuck in Miantenance mode, every reboot command boots in maintenance mode. I attempted to execute the factory reset and the message I get is: "No current image found, please use advanced options" So I click on advanced options and it asks for a pa...

Resolved! Redistribution UIA not working...... INTERNAL ERROR

Hi, I configured a PA in order to redistribute UIA mappings to another FWs. All the config is OK but its not working. I can see this in the FW redistributing: (active)> show redistribution service status Redistribution info:Redistribution service: downReason: internal error i tried to restart process UIA MGMTServer.... any idea about ...

BigPalo by L4 Transporter
  • 2393 Views
  • 3 replies
  • 0 Likes

Resolved! Modify System Alerts

I'm wondering if it's possible to modify alerts in PAN-OS. We've enabled email notifications for critical alerts and I'd like to change one type in particular. Our firewalls begin sending alerts related to license expiration 30 days in advance. Is it possible to change it to 60 days? Example Alert:SYSTEM ALERT : critical : License for feature wi...

IpSec VPN Phase1 negotiation problem

Hi All, I have two 4G router and two ipsec vpn tunnel. Routers are exactly same.VPN configs are exactly same (except Ips) one tunnel up and running but other one failed at Phase1 It gives me "IKE phase-1 negotiation is failed. Peer\'s ID payload 192.168.225.100 (type ipaddr) does not match a configured IKE gateway." error. I global search on Pal...

Lacrymae by L1 Bithead
  • 10226 Views
  • 5 replies
  • 0 Likes
  • 24394 Posts
  • 123 Subscriptions
Top Solution Authors
Labels