General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Backup and Restore PA Panorama and Firewalls setup to new infra in Azure

Hi friends, Want to setup a parallel infra for current production environment where current configuration should be used in new VMs(Panorama and Two Firewalls) . How can we export only current security policies ,objects, and import to new setup (manually creating 400 policies will be difficult) ?. New setup already have different basic configu...

VPN tunnel and NAT rules

I have to create a VPN tunnel between two businesses. The main objective is that company A needs to provide access to the following subnets to company B: 10.10.1.144/2810.1.2.144/28 I've got all the tunnel info set up, and there is just a public IP address on each firewall as the peer IP. For company A where the subnets are located, I'm struggl...

buck1 by L1 Bithead
  • 15990 Views
  • 6 replies
  • 0 Likes

We want to hear your thoughts - Enhanced LIVEcommunity Experience

Now that the enhanced LIVEcommunity experience is live, we want to hear your feedback and also help address any questions you may have! Please use this discussion post to share your thoughts or ask questions. You can find a walkthrough of all of the enhancements made across the community here. Thank you for the continued participation and s...

agalindo by L4 Transporter
  • 5188 Views
  • 1 replies
  • 5 Likes

Resolved! Why I see no logs for DoS policies

I am testing DoS policies and have alarm rate set as 1. I did not intend to be that low but I was not seeing logs under monitor for a server that is continuously used. There are flood logs from Zone Protection and they use a different log forwarding profile for easy differentiation. DOS policyAggregate and classified profiles used in policy

image.png
image.png
image.png
raji_toor by L4 Transporter
  • 7314 Views
  • 3 replies
  • 0 Likes

Traffic to one internet IP address to use specific interface and WAN IP

Afternoon all! I'm sure this is easy on our PA850 firewall but I can't figure it out. Interface setupethernet1/1 - Internal networks - Zone LANethernet1/5 - Primary internet line with /27 IP range - Zone WANethernet1/6 - Secondary internet line with /29 IP range - Zone WANA single virtual router for all interfaces I need to have outbound interne...

How to migrate from a PA-7050 to a PA-5250

Hello, I'm looking for information on how to migrate from a PA-7050 to a PA-5250. Is there any best practice documentation on how to make this transition? I am looking for the steps to migrate. I have migrated PA-500's to PA-820's, but haven't done the larger machine migrations yet.Any help is greatly appreciated.

SNMP bug in Pan-OS 9.1.8

I monitor the following parameters with SNMP V3 using PRTG:pan zone active other ip cpspan zone active tcp cpspan zone active udp cpsSince the upgrade from 9.1.7 to 9.1.8 these parameters can no longer be read. After downgrading to 9.1.7 it works again.Seems like a bug to me. Or did I mis something?

Han.Valk by L2 Linker
  • 3671 Views
  • 3 replies
  • 0 Likes

iframe support for PA 7050 firewall webUI?

We are setting up a single pane of glass to monitor multiple systems. The software uses a web browser and iframes to connect to the other systems. Some sites work and some don't. The PA 7050 firewall console in particular returns a "refused to connect" message, even before you get a login prompt. By contrast, opening up a tab in the same browser...

Recommended version for PAN-OS 3020

I appreciate you being able to advise me on updating the software version to which i can safely upload and according to our PA-3020 HA equipment model, we are currently in version 8.1.15-H3. Regards,Steven Herrera

Is Palo Alto Globalprotect Always On mode possible only for the portal?

Hello to All, Is it possible to set the Globalprotect Always-ON mode enable Single Sign On, so that the user automatically logs into the portal but after that the user to need to authenticate to the gateway? The idea is that for the portal and gateway different authentication methods are used and the gateway authentication method does not use ...

Resolved! panos 10.0.5 can't commit firewall changes

Hi, I'm brand new to PA firewalls. Have a new pair of 3220's in active-passive HA. This is not in production. We are using them to learn on and eventually, hopefully later in the year move to production, replacing an active-passive Cisco ASA. I have two 10gbps fiber links to both our core switches in an mlag at the switch (so it looks like a ...

ksauer507 by L3 Networker
  • 5188 Views
  • 2 replies
  • 0 Likes

DNS Proxy inheritance source

I want all devices on one of my interfaces to use my DNS servers, regardless of their configuration. Seems pretty simple, but I'm stuck.I can edit and OK/OK out of the DNS proxy dialogs (PANOS 4.1.2), but commit fails with "Inheritance source needs to be specified."The only option I have for "Inheritance source" is "None." I can only choose "Inh...

rgraves by Not applicable
  • 10914 Views
  • 3 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels