General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Access to Internal Web Site Through pfSense VPN

Hey Community:I am in the process of rolling out GlobalProtect, but until I do, i have to continue to use a pfSense OpenVPN that was already in place before the Palo was deployed. The problem I am running into when i connect to the pfSense VPN i cannot browse to a web server that sits on server 192.168.130.221. I can ping the host just appears t...

collector group with redundancy not working properly

we have configured Panorama M200 in HA , configured managed collector with local log collector , configured collector group and added local log collector of both panorama, redundancy is enabled in collector group (log forwarding preference is not configured. Above configuration we have done to store same logs on both local log collector and ena...

Deepak25_0-1623763316613.png
Deepak25_1-1623763766133.png
Deepak25 by L3 Networker
  • 6667 Views
  • 8 replies
  • 0 Likes

Resolved! disable redundancy in collector group

We want to disable redundancy in existing collector group configuration due to less available space for logging one year logs. In our setup we have M200 in HA and configured local log collector in both Panorama. Configured collector group and added both local log collector in same collector group. Enabled redundancy to store copy of same logs i...

Deepak25 by L3 Networker
  • 4091 Views
  • 2 replies
  • 0 Likes

WF-500 Can custom Image

Hi Expert , I Would like to know about WF-500 can customer Image and Import to Appliance? Because the predefined image is not related to versions on the existing environments such as office and adobe. Thank you

Log-Collector Issue with 10.x to 10.x

Hi Community, I have a strange situation, maybe someone can help:Panorama on 10.0.6, Firewalls mostly on 9.1.x.We onboarded the 1st 10.0.5/6 firewalls and noticed, that we don't receive any logs within our dedicated log collector.The collector group is configured to receive logs from the new onboarded firewalls.When looking in detail at ms.log a...

Chacko42_0-1623654697519.png
Chacko42 by L4 Transporter
  • 2586 Views
  • 1 replies
  • 0 Likes

Unusual Issues in Hosted ESXI Environment

Hello folks, Posting here as a final act of desperation. I am still pursuin the case with TAC, but I hope that perhaps someone will have seen something like this before. Our network resides in a hosted ESXI environment provided by iLAND. We have an HA pair of virtual series firewalls with a public IP on the outside interface with a single iLand ...

Resolved! PA-3220 - PAN-OS 9.1.9 - proxy_wait_pkt_drop

Hi community This post is either to inform you about a possible problem and also to ask if someone already saw this and may be even has a solution. Some days ago the global counter for proxy_wait_pkt_drop started to dramatically increase on a PA-3220 running on PAN-OS 9.1.9. Obviously tls decryption is enbled on this firewall(cluster). The eff...

Remo by L7 Applicator
  • 3727 Views
  • 2 replies
  • 2 Likes

Redundant Static Route through two IPSec Tunnels

Hello All,I am attempting to setup primary and backup route to the same IP through two different IPSec tunnels. I have attempted both PBF and Static Route Path Monitoring and cant seem to get either to work, in both cases is because there is no IP assigned directly to the tunnel interface. Here's the layout:Site APA-820 Int 3<---------------...

IPSec Version

For audit purposes we neeed to know if paloalto is using IPSec version 3 or version 2?

Chana88 by L0 Member
  • 3720 Views
  • 3 replies
  • 0 Likes

Issue with correct FTP application detection

Hello Everyone! We have a pair of PA-5260 (Panos 9.1.4) between 2 security zones serving primarily the traffic to a file buffer.About 90% of the traffic is FTP with server side being a load balancer IP.With a small fraction of traffic we experience an issue where an absolutely standard acttive FTP data flow fails to be recognized by the PA as a...

New LIVE AMA event, LIVEcommunity Team Roundtable!

If you are curious to know more about how the LIVEcommunity works, have a chance to chat with community team members, or ask a non-technical question? Now’s your chance! The floor is open for all you burning questions now through June 24. The LIVEcommunity team will be answering all queries June 23–June 24. We can’t wait to connect with ...

ama-graphic.png
jdelio by L7 Applicator
  • 3240 Views
  • 1 replies
  • 4 Likes

Zone Protection CPS Calculations - Make ZERO sense

I have been collecting CPS (total, TCP, UDP, IP) via OIDs using PRTG for ~6 weeks. I have all the data I need (I think). However, the DoS Zone Protection best practice documentation leaves a LOT to be desired as it's not clear. If anyone has tried to setup zone protection (SYN, UDP, IP, etc.) flood protection, and understand HOW to actually ca...

link aggregation in a switched LAN environment.

Dear paloatonetwork live community I have the following question related the above topic what are the operation of link aggregation in a switched LAN environment. what are the Ether Channel technology will be used to create link aggregation. what are the Verification and troubleshoot commands to be used link aggregation switched LAN environment...

thought by L0 Member
  • 2208 Views
  • 1 replies
  • 0 Likes

Resolved! can I have multiple Def gateway IPs on single L3 interface?

I have a Layer3 interface on the firewall that is connected to a zone that hosts multiple subnets spread across the remote sites. I would like the firewall to block the intra-zone traffic in this. To do this, I will need to give the Firewall IP as the Def gateway. For e.g. Site A has 192.168.2.0/24 & site B has 192.168.4.0/24 , can I assign ...

Log Forwarding - are changes disruptive to PAN firewalls?

Hi Gang, We need to update our log forwarding to now include Syslog. Previously they were only uploading to Panorama. It was also previously shared but we will need to make it device group specific now as we have local syslog servers for local sites. I can't seem to see it on any documentation or simply overlooked it, apologies if so but... do c...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels