General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Error Palo Alto Global Protect on MacBook

Hi Guys, I am facing an error when i want to use global protect on my mac. Every time i want to log on, It shows Gateway SSL VPN GW: The server certificate is invalid. Last two weeks i just use this and no problem. Please help me to solve this issue because it was very urgent. Appreciate if you could help me to solve this. Btw: my MacBook OS...

Kevin234 by L0 Member
  • 2621 Views
  • 1 replies
  • 0 Likes

Commit Error Messsge for Application being used

We noticed last month that a core firewall PA-3060 has started reporting the same error message as in this link. Application being already in use. We have provided tech support files to PAN support but they are still unable to determine the reason that we keep getting these error messages when we commit to the firewall.https://live.paloaltonetwo...

bambox by L1 Bithead
  • 2495 Views
  • 1 replies
  • 0 Likes

Data Filtering logs not in Panorama

Hi All, we are running 9.0.12. I've got data filtering with the patterns etc all set up. The logs appear fine on the firewall. And logging profile is set to forward all to Panorama, but none appear in Panorama. It's empty. Logging profiles is set to forward log type Data to Panorama.Any help would be appreciated. Panorama is forwarding all event...

igs1917 by L1 Bithead
  • 4360 Views
  • 4 replies
  • 0 Likes

SSH to Management interface (RADIUS Auth) PAN OS 10.0.4

Working on an HA Pair of PA-820 firewalls and just finished configuring auth for management interfaces. Went to test, and found that the firewall said auth succeeds, but the SSH connection immediately drops. Config:Auth profile is RADIUS (Windows NPS server)PAN OS 10.0.4Tests:Authentication to web interface works for user via RADIUS profileAuthe...

D_Baerry by L1 Bithead
  • 4638 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect - Use Machince Certificates for Authentication

Hi everyone, at the moment our GlobalProtect Infrastructure is only using LDAP for authentication, which is a problem since users should only be allowed to connect to GlobalProtect via a corporate Windows notebook.As a second factor we would now like to use machine certificates. We have already rolled out machine certs to every machine by an int...

Enabling multi vsys on a prod firewall.

I’m planning to create multi vsys on my palo alto. I just wanted to know if my existing configuration (interfaces, aggregate interfaces and rulebase) will be moved as it is to vsys1 or they need to be mived manually? I have aggregate interfaces layer 2 in my environment so I need to assign vlan interfaces to vsys and keep parent port in no vsys ...

HA1/HA2 speed recommendations for a PA5200 series setup (A/P)

I'm not sure if this documentation exists somewhere but I can't seem to find it.we have a customer with palo alto 5200 series firewall.due to covid-19 (as is the case with so many companies they are currently production stress testing the firewall with extra load due to teleworking, etc)the firewall handles it fine. however the ha1 and ha2 inter...

Resolved! Authenticating a PC based application

We have an old vertical application that can connect to a web server via https and that populates the datain the desktop application (thick client). Mgt Team would like there to be two factor authentication. But if the thick app does not support two factor I think that's a non-starter. Or could there be some way that a legacy app not designed fo...

Reconnaissance query

Hi Team,Is it possible to whitelist on the basis of destination for scanning port. I can see in Reconnaissance configuration we can only whitelist on the basis on source address. But more than 500 sources are available to scan port so its difficult to allow those for specific destination address. Please suggest. regards,Shiv

Cortex XDR Agent management questions - stragglers and operation status

I've deployed the cortex agent to all of our servers and now need to find stragglers (servers without agents running). I also need a method to know that not only are the agents installed and running but they are actually running as designed. I noticed there is a network scan in the portal for cortex but it only shows IPs for the devices, so I d...

PA-220 advertising BGP routes

Hi everyone, hope you're well. I hope somebody can help with this. I'm looking to introduce a local Internet breakout, by installing a Palo Alto 220 firewall, as the site has been reporting slow Internet recently.

BChana by L0 Member
  • 2530 Views
  • 1 replies
  • 0 Likes

Template setting not working

WildFire looks like this on the Palo: But if I click on it to change it, it has a template setting: I took a look at the Stack and the one at the top has the correct setting, the one at the bottom is set to none. So that should be right, any idea why this is happening? I've refreshed and within Panorama everything says "In Sync".

Manual.jpg
WF.PNG

Resolved! Pruning weak key exchange algo in Pan OS 8.19

In Palo Alto v8.19, they added functionality to prune multiple weak key exchange algo in one line: (https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-19-addressed-issues.html) I followed the guide here (https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-cli-quick-start/get-started-with-the-...

  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels