General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Discussions

Join Us for a Tech Deep Dive Miniseries!

 

Stop Zero-Day Threats in Zero Time with Nebula PAN-OS 10.2.

 

Join us live for an in-depth look at the latest advancements in cybersecurity, best practices, tips and tricks, demos and
more to protect your business and defend against threats in real

...

nebula-on-demand-tech-deep-dive-miniseries-live-community-banner-2600x600.jpg
jforsythe by Community Team Member
  • 489 Views
  • 3 replies
  • 1 Likes

Moving Panorama M100 function to M500

Seems M100 does not support PAN OS 9.0

We have Physical M100 running as Panorama mode.

Also we have M500 running as Log collector mode.

 

Can we move config of M100 to M500 so they can manage all the firewalls?

MP18 by Cyber Elite
  • 1157 Views
  • 1 replies
  • 0 Likes

Panorama 8+: Can you override EDLs in child Device Groups?

Currently running Panorama 7.1.  We'll be upgrading to 8.1 in October-ish.

 

According to the documentation for 7.1 and 8.1, you can create an EDL in Device Group A, and it will be inherited by all child device groups below it.  This is working.

 

Accord

...

fjwcash by L4 Transporter
  • 1521 Views
  • 1 replies
  • 0 Likes

High utilization caused by decryption

I dunno if anybody else has run across this or not but I just felt compared to share.  I have been having fairly continious performance problems with a 5050 cluster and last night I isolated at least one culprit that's been adding to that problem.  W

...

Resolved! Question About PA SSL vulnerability

Hello Team,

 

Can anyone provide a solution resolve below vulnerability in PA.

 

Port no.: 443

 

Summary: Weak cipher suites supported

 

Analysis :The remote host running SSL using a weak cipher suite which can be exploited by an attacker to perform man in t

...

Dynamic Block List - Limit on number of entries?

I've been experimenting with MineMeld and love it - brilliant product 

 

That said, I'm struggling to get a clear idea what the size limit is of each blocklist.

 

https://live.paloaltonetworks.com/t5/Learning-Articles/How-are-Dynamic-Block-List-Entries-

...

move from 4 internet lines to one single internet line

Configuration changes in case we move from 4 internet lines to one single internet line ?

in Our Current scenario, We have 4 interfaces configured with 4 different Public IP address and each interface is linked to the different router( Internet),each

...

MFayez by L2 Linker
  • 1354 Views
  • 3 replies
  • 0 Likes

Palo Alto Core Firewall HA Active/Active

I have found some issues in running HA Actvice/Active as it relates to config sync. It appears when a red dot on the firewall and an Admin connects their default reaction is sync config. So I noticed that something that replicated to the active-secon

...

One Internet line Multiple intefaces

Hi Everyone
In my sinaro i have one internet line 10 MB and i have 5 zones configured in PA my question . and each zone for different purpose for example (IP SEC - Intenet -Email)

 

 

 

1-  how i can provide the internet to multiple zones with a multiple

...

MFayez by L2 Linker
  • 4110 Views
  • 14 replies
  • 0 Likes

Quality of tech support in recent months

Is it just me? I noticed that it became almost impossible to get a support person on the phone without being on hold for hours...

When opening tickets online, it would sometimes take days to schedule remote session and some engineers just don't have e

...

PavloJCP by L1 Bithead
  • 3430 Views
  • 13 replies
  • 0 Likes

Resolved! Using External DNS server

 

We need to isolate the vendor traffic and we do not want this traffic to talk to our internal DNS server for DNS queries.

Is it safe to use google dns server and then apply dns sinkhole?

We can use the security policies app based and then apply app de

...

MP18 by Cyber Elite
  • 1210 Views
  • 2 replies
  • 0 Likes

Resolved! DNS security license and traffic flow

 

We have User where they access the Internet and traffic flow via say Corp PA

We have DNS server which is internal and the DNS traffic to Internet flows via say DMZ PA.

 

On PAN OS 9.0 if i get DNS license on Which PA i should get for?

As my understandin

...

MP18 by Cyber Elite
  • 1028 Views
  • 2 replies
  • 0 Likes

IPSec VPN Tunnel Throughput Monitoring

Is there a way within the palo alto firewalls to look at the active IPSec VPN tunnel throughput? I have a 3050 firewall with a handful of IPSec tunnels configured (individual and LSPVN tunnels) and I'm wondering how you would know if you were coming

...

BGP peering on loopbacks, struggle is real

I am really struggling with this. I have been at it for hours. I have two Palo Altos in standalone mode both forwarding traffic.I have connected to each palo cisco 9500s and Cisco 9300s. These are not fully meshed. So i know that I am going to need R

...

Top Liked Authors