General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 436 Views
  • 0 replies
  • 2 Likes

LIVEcommunity January Rewind

Hi everyone! 

 

We are excited to share our first LIVEcommunity monthly recap with all of you! There are a lot of exciting things happening around the community, so we put together this News article sharing everything that you might have missed durin

...

agalindo by L4 Transporter
  • 2592 Views
  • 1 replies
  • 3 Likes

Resolved! Syslog Server Queries.

Hi,

 

I would like to know the following queries,

  • In log forwarding, there are 7 types of forwarding i.e traffic, URL, threat etc. can we know how much data will it consuming for an individual log type while forwarding the logs to Syslog server from CLI
...

Palo Alto image for demonostation shown in the video

Hi team,

 

I am looking for setting up the palo alto firewall as well panorama in VMware workstation as shown in below video. It seems to be pretty easy. Only thing I am looking for is palo alto image. How can I get the image ? I googled and got to kno

...

Vikashh by L2 Linker
  • 1595 Views
  • 1 replies
  • 0 Likes

Are used PA 'for-sale' posts permitted

Hello - does Palo Alto support resale of hardware that is not End-of-Life, and are posts on resale permitted in LIVEcommunity?  I have been searching for pinned community rules and have not found anything related yet.  I don't want to post/ask more r

...

keklund by L1 Bithead
  • 1494 Views
  • 1 replies
  • 0 Likes

IP spoofing /source routing

Hi Friends,

 

I have nt enabled Zone protection for our palo alto firewalls as its connected to trusted zones. I want to know the whether IP source routing is disabled in the PA NG Firewall (Pan OS > 9.0) by default or not.  Also steps to protect again

...

IpSec VPN Phase1 negotiation problem

Hi All,

 

I have two 4G router and two ipsec vpn tunnel. Routers are exactly same.

VPN configs are exactly same (except Ips) one tunnel up and running but other one failed at Phase1

 

It gives me "IKE phase-1 negotiation is failed. Peer\'s ID payload 192.

...

Lacrymae by L1 Bithead
  • 5372 Views
  • 4 replies
  • 0 Likes

SDWN and PAT

Trying to setup a LTE link as a backup link for an SDWAN deployment.  All of the LTE gateway devices do PAT as they get a single IP from the provider.  Will this work.  Don't think it will work in the hub but in the branches believe it will.  Just wa

...

Palo Alto QOS - WRED drops

In Palo Alto firewall,  we observed WRED drops on QOS (150Mbps)  applied egress interface eth 1/11 – due to which DB sync/mirroring is randomly getting failed/dropped between DC & DR. Please let me know for any configuration changes/workarounds to av

...

preetpk by L2 Linker
  • 3547 Views
  • 1 replies
  • 0 Likes

Resolved! IKE-NEGO-P1-FAIL

We are trying to setup a IPSec VPN from our VM-300 Palo Alto Firewall running in AWS. Using PANOS 9.0.11.

 

I’m having issues with the configuration of the IKE Gateway as the Interface IP address is set via AWS DHCP and does not reflect the public (ela

...

gateway.png
System logs.png

Resolved! GlobalProtect issue on Android device

Error message: gateway external server cert is invalid

 
Only for Android users who are using GP version 5.1 or 5.2.
 
No issues with 5.0. Using PANOS 9.1.3
 
Using Public Certificate and we only received 1 PEM file from the client.
The server cert (SSL1_Ne
...

Certificate.jpg
FarzanaMustafa_0-1612932636837.png

Slow speed via Global Protect.

I have VM300 with GP without split tunnel. Between with and without GP their is a lose of around 6mb.

Is it acceptable to have 6mb of overhead lose? Will enabling/disabling ipsec in ssl vpn setting make any difference.

Global Protect: Full Tunnel Enforcement

I have already contact Palo Alot Networks support about this issue and their comment back to me was "you need to protect the route preference/configuration from the host side."

 

The issue that I am facing is that we have third parties that are not man

...

  • 23699 Posts
  • 110 Subscriptions
Top Solution Authors
Labels