General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Using Authentication Policy and GlobalProtect with AAD SAML to prompt MFA authentication for Admin access to resources

We have new requirements to require MFA for administrative access to just about everything and have to put into place in very short order. “In addition to remote access, multi-factor authentication is required for the following, including such access provided to 3rd party service providers: 1 All internal & remote admin access to directory se...

Split Tunnel Routing Config Help

Looking for some help on split tunneling. We are on PAN-OS 9.1.9, GP client 5.26; for our LAN we also use Cisco Umbrella to block sites. What I want to do is, when GlobalProtect connects, I want all LAN traffic going through the VPN traffic, and all Internet traffic from the client going through their end, not the VPN. When I try and configure split tu...

PA-5050-Data plane showing high

Dear Team, Our core firewall data plane CPU is reaching 99%. When we check the traffic logs, some MS-SQL application is getting high usage, and system logs are showing "dataplane under severe load palo alto". PAN-OS: 8.1.15-h3, Device: PA 5050. Kindly let us know any solutions for this. Regards, Vishnu.

VishnuPS by L3 Networker
  • 4957 Views
  • 6 replies
  • 0 Likes

Palo Alto GlobalProtect intermittent PanGPS error 'network type is unknown network' that causes the HIP report to not be sent every hour

Has someone seen an issue where the PanGPS log is saying "network type is unknown network" before failing to send the HIP report every hour? For info, we don't use or have enabled Internal Host Detection as there are no internal gateways, and I see that there are no logs before that for DNS resolution, so the GlobalProtect app does not try to trigger...

Resolved! IPSec VPN certificates

I’m very new to Palo Alto and testing things out on a home virtual lab on a local computer. I’m trying to configure IPSec VPN between 2 sites using certificates. My problem is that when I export the certificate from PA-1, I cannot import it to PA-2 because I don’t know where FW-1 has saved it on the Windows 10 PC being used to manage the firewal...

ldapjazz by L0 Member
  • 3964 Views
  • 2 replies
  • 0 Likes

Knowledge sharing: restarting Palo Alto processes, reboot, shutdown, factory default reset

In Palo Alto, like any, some things are fixed with a restart. 1. If the management plane in the masterd log (for more about the Palo Alto logs and their meaning you can check https://live.paloaltonetworks.com/t5/general-topics/knowledge-sharing-palo-alto-general-logs-and-log-files-that-are/m-p/410110#M92552) you see there are issues with a process...

Storage V-Motion

Hello, Our Virtualization team Storage vMotioned all the VMs on a specific host, and that included VM-Series Firewalls for NSX as well, resulting in the firewalls passing 0 kbps of throughput and dropping all the packets. We were able to identify this by looking at the throughput of the firewall, which was 0. Does anyone know why storage vmotion br...

ayazdani by L1 Bithead
  • 3236 Views
  • 2 replies
  • 0 Likes

Resolved! Unable to export certificates

PanOS 7.0.1. Tested with Google Chrome and Firefox v56. When trying to export a certificate from Device tab --> Certificate Management --> Certificates, no matter which export format I choose, nor which certificate I choose, nothing happens. Browser window just refreshes and reloads the certs page. Nothing is downloaded. Has this ever happe...

Incoming traffic being not logged on external IP

Hi, any help greatly appreciated. I have 4 internal IPs w x y and z that need to route out on one of my external IPs (1.2.3.4). And then I need the ingress traffic on 1.2.3.4 to be routed to w x y and z based on the incoming port number. I am also changing the incoming port to a standard internal port number. The outgoing NAT rule seems to fin...

Resolved! IPSec VPN routing across multiple tunnels

Hi folks. I have a situation that is doing my head in, and I need some help. I have an installation which looks like this: "A" end - Palo Alto Active/Passive cluster, public IP for IPSec VPN termination; "B" end - Juniper SRX cluster, Active/Active with TWO IP addresses (separate links) for IPSec VPN initiation. I have configured two tunnels from ...

darren_g by L4 Transporter
  • 17307 Views
  • 8 replies
  • 0 Likes

MAC addresses for HA interfaces

I have 2 virtual instances of PA-8.0 on a laptop in a home lab for learning purposes. High Availability is configured in Active/Passive mode with HA1 using the management interface and it is working but HA2 is failing to sync and complete initialization. The HA2 interface is red in the GUI and will not go green. I think this may be a problem ...

Resolved! VA scan issue

Is there any way to solve those VA issues? 1) 90317 - SSH Weak Algorithms Supported 2) 42873 - SSL Medium Strength Cipher Suites Supported (SWEET32) 3) 70658 - SSH Server CBC Mode Ciphers Enabled 4) 71049 - SSH Weak MAC Algorithms Enabled. Kindly help please. Thank you

Vector by L0 Member
  • 3091 Views
  • 2 replies
  • 0 Likes

Global protect certificate expiry

Hi team, can we renew the server certificate used for GP before expiry? Can you please let me know if there would be any impact after renewing the certificate before expiry? Or do we need to renew the certificate before 1 day?

Resolved! CLI commands to add a device in devicegroup as master device

Hi Team, I found some commands to add a device in device group and template but couldn't find how to set a device as master device in device group with CLI. Tried to search cheat sheet but the information/commands are not available. Is it possible, or can this be done via GUI only? Appreciate if anyone can provide commands cheat sheet which are not...

Srikant by L1 Bithead
  • 5937 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions