General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Dual ISP, PBF traffic not returning

I have two ISPs configured with path monitoring and I can successfully monitor the primary route and fail over to the secondary, however what I would like to do now is use PBF to always send some of my traffic out the secondary ISP. Everything I've read says this is possible and should be fairly straight-forward but I just can't seem to get it ...

NAT.jpg
PBF.jpg
Traffic.jpg
Cooper80 by L0 Member
  • 3929 Views
  • 2 replies
  • 1 Likes

unable to block google chrome updates

I blocked 'google-update' app in firewall rules but I still see some of the users' browsers getting updated. I can't find any helpful logs for those users. Please let me know a solid way I can blocked google updates on Palos. TIA.

Resolved! HA down PA-220

I've a pair of PA-220 configured as cluster. After power off - on HA is down. But I can connect to both firewalls via https & ssh.Active fw1 shows that HA ports 7 & 8 are down (red in GUI). On passive firewall fw2 all ports are grey.But the real strange thing is, when looking into running-config (CLI), on active fw1 all the HA config is ...

ChrisCon by L2 Linker
  • 5726 Views
  • 3 replies
  • 0 Likes

Resolved! Failed to delete Certificate due to references - but I don't want to delete those references

Hello, my current GlobalProtect portal/gateway certificate is expiring soon so I had our 3rd party CA create a new one with the same name. In Panorama under templates/device/certificates, I uploaded the new cert with a temporary name (ex. expiring cert name is foobar.net so I uploaded the new cert as new_foobar.net). Now I want to delete the e...

Certificate renewal impact before expiry

In Palo Alto some certificate are expire in this months. Request you to help us to know will there be any impact at user end if certificate expires and we renew on firewall before expiry.

SurajN by L2 Linker
  • 3827 Views
  • 2 replies
  • 0 Likes

Validation of Local client certificate failed resulting in error 58, Problem with the local SSL cert

Hello, Has anyone encoutered this error message below? I could not find much info on this.Using PA500 with PAN-OS 8.1.4 domain: 1 receive_time: 2019/02/09 10:16:13 serial: 00xxxxxxxx seqno: 4858056 actionflags: 0x0 type: SYSTEM subtype: wildfire config_ver: 0 time_generated: 2019/02/09 10:02:12 dg_hier_level_1: 0 dg_hier_level_2: 0 dg_hier_level...

Resolved! tunnel monitor works improperly

hello I am trying to enable the tunnel monitoring for an IPSec tunnel(not sure what device the other end is using) and got very interesting result.The proxy id config islocal:172.16.17.3/32remote: 146.48.211.0/24 My client subnet 172.16.2.0/24 will be natted to 172.16.17.3/32 while accessing to 146.48.211.0/24. I assigned an IP 172.16.2.222 to t...

DongQu by L2 Linker
  • 4180 Views
  • 1 replies
  • 0 Likes

Automation of GlobalProtect installation

Hi all, I am trying to automate the deployment of GlobalProtect software in laptops with Ubuntu installed and I have faced an issue not easy to explain. The operating system is being deployed automatically in chroot mode, and one of the last steps involves installing the package of GlobaProtect as root ( dpkg -i GlobalProtect-latest.deb) After t...

What does it means Stage e Events GlobalProtec Fields?

Dear, we are doing a large and hard troubleshooting to forensic analysis into our company, so we need know more information about the "GlobalProtect Stages and Events columns Logs Monitor".Example: what it means the stages: before-login, tunnel, host-info, login and configuration. What it means the events: gateway-tunnel-latency, gateway-logout,...

rennersf by L0 Member
  • 2309 Views
  • 1 replies
  • 0 Likes

GRE passthrough

Hi, we have a site on an already trusted zone, we require to allow GRE traffic through the FW to enable our wireless access points communciate back to the wireless controller (aruba). I have created a custom security policy to allow this gre and papi (aruba protocol), however the GRE traffic is being dropped/denied by a default interzone policy....

DForde by L1 Bithead
  • 2870 Views
  • 2 replies
  • 0 Likes

DNS security service review

Hello all, has anyone tried DNS security service on Physical NGFWs? Does it provide any additional benefits compared to the regular Anti-spyware protection with Threat licensing? Please post your reviews. TIA.

datapne interface not reflected in user-id agent after changing service route

we have changed service route of user-id and ldap service from mgmt to dataplane interface of firewall. in windows based user-id agent earlier mgmt ip was showing connected,but after changing service route to dataplane interface , dataplane interface not showing in windows based user-id agent connected list. do we require to change serivce route...

Deepak25 by L3 Networker
  • 2277 Views
  • 1 replies
  • 0 Likes

Failed O365 Updates

We have two sites running PA-3020, one site is able to download O365 updates but the second site fails to download and install the updates. Not sure what im supposed to be setting on the 2nd Palo Alto to get this working. They are both running 9.0.12 update

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels