This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Decrypt-error with Inbound Decryption DHE or ECDHE on 8.1.3

Greetings all, I feel like I'm probably missing something simple here, but I'm running into a decrypt-error issue on 8.1.3 in regards to a server that is negotiating DHE or ECDHE ciphers with the client. On Chrome I get: ERR_SSL_VERSION_OR_CIPHER_MISMATCH And on Firefox I get: SSL_ERROR_NO_CYPHER_OVERLAP If I turn off decryption for this or set...

jsalmans by L4 Transporter
  • 22159 Views
  • 17 replies
  • 0 Likes

LED's on startup

Recently migrate to a pair of 3200 series firewalls. Everything was fine and dandy until we powered them down to migrate to the correct rack. Once we powered them up, one came up fine, but the other has a green power light and nothing else. the fans are going crazy like it's trying to come up, but stays like that. Tried consoling in upon bootup,...

Error when I try to add the SAML Identiti Provider for Okta

Upload SAML IdP Failed. No IDPSSODescriptor node found. Any ideas? Here's the file I'm trying to import <md:EntityDescriptor entityID="http://www.okta.com/exk....."><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyIn...

Firewall is sending traffic when becoming passive for a few minutes

Hello friends, I am experimenting a strange behaviour. When performing a manual failover with the command: request high-avaliability state suspend, the firewall that become passive continues sending traffic to the BGP peers for about 3 minutes (ICMP packets), this is causing that those peers activate an anti-loop feature that freezes our MAC add...

firewall configuration

1. What source IP address/es are configured to successfully connect to the exchange destination IP address:2. If one or more source IP addresses will not be able to successfully establish a connection please explain why:3. What destination IP address will the source servers target to establish a connection?4. What is the remote exchange destinat...

Capture.JPG

Integration of Palo alto to panaroma

Hello All, I have two palo alto in high availiabilty running as Active-Passive mode. Basically i have to add these firewalls now in Panaroma which i will configure in High avalibility. Need to know what are the precautions i have to do to add these firewalls in panaroma with less impact or no impact on production environment. Please share if an...

PA and VPC

Hi, Hi, Please advise on the above design . Is there any pros and cons ? Thanks

pa.png
simsim by L4 Transporter
  • 8652 Views
  • 6 replies
  • 0 Likes

Routes between VPN tunnels

Currently on the Palo Alto firewall, there are 4 IPSEC VPN Tunnels.The issue is the following, a sub network of a Tunnel, tunnel that we will call TUNEL-A01, must be able to reach a destination that its destination is in another tunnel, we will call TUNEL-B01, that has the Palo Alto and at the same time be able to USE/apply NAT, when arriving fr...

Metgatz by L4 Transporter
  • 6972 Views
  • 8 replies
  • 0 Likes

Resolved! FS-ISAC New STIX/TAXII Feeds

Good Morning All,I am trying to configure our minemeld system to use the new FS-ISAC STIX/TAXII feed but its giving me issues. Has anyone successfully configured Minemeld to pull information from FS-ISAC recently? I added a sample of the config settings that I am using and a screenshot of the error message. Config Settingsage_out:default: last_s...

Pedro2020_0-1592489704011.png

Support for newer OS for Minemeld

Hey, we just started our journey with paloaltonetworks and installed the first 2 clusters. To automate our IP Adress lists, we wanted to install minemeld, but the only supported OS seems to be Ubuntu 16.04. which is out of support sind 30.04.2021, so like 10 days and i am not allowed to install Out of Support Operating Systems in our environme...

GP: Internal Host Detection Two Questions

In the PAN video I located on Internal Host Detection (see below), it shows where to enable this feature. But it doesn't mention what is expected of the IP Address and Host Name. Should one use the internal IP/name of the PAN? Or something else? And if an internal gateway is not set - the client will just not form a tunnel nor do HIP checks etc...

Serial number does not exist when registering PA-820 FW

Hi, Anyone encounter a problem of getting a "serial number does not exist" error message when trying to register a PA-820 FW? We originally had the tac decommission one of our previously purchased 820 fw's as it was misplaced when relocating buildings. After several weeks we relocated the unit and need to re-activate, re-commission the unit. Thi...

smelias by L1 Bithead
  • 5946 Views
  • 2 replies
  • 0 Likes
  • 24386 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks