General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How to Renew Certificates for GlobalProtect Devices

Hi all, I want to renew the expiration date of the certificates for my globalprotect devices. The firewall is the CA that issued the certificates. My question is whether I have to export and import the certificates after renewing them by following the steps on this article: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/cer...

Carracido by L4 Transporter
  • 29391 Views
  • 7 replies
  • 2 Likes

Palo Alto appliance SSL-VPN throughput

Hi all, I searched all the documents available for Palo 5220 (performance datasheet, PANOS admin guide etc) but i cannot seem to find anywhere specified the SSL-VPN throughput...only the maximum number of SSL-VPN tunnels. Is there anyway or maybe a document where I can find this parameter? I need this for writing a technical proposal to a client...

livliv by L0 Member
  • 3710 Views
  • 1 replies
  • 0 Likes

Resolved! Cannot install Machine Certificate for GP Pre-logon

I encountered a problem installing the machine certificate.I followed the article below:https://live.paloaltonetworks.com/t5/news/globalprotect-pre-logon-authentication/ta-p/322237 We are using a self-signed root ca that is in the cert profile for auth, then generated the server cert and machine cert and signed them with the same root. Then expo...

ERROR.png
CERT.jpg

Connect 2 Aruba Controllers to PA-220

We have two Aruba wireless controllers in a master / secondary configuration. Each one has a trunk port which contains about a dozen VLANs with our guest wireless traffic. The VLANs are arbitrarily assigned to the trunk ports by the controllers and can change depending on network conditions (from what I understand). The PA-220 is the gateway ...

radius user group

Hello! I'm studying the PCNSA, may I ask you a question about a security policy?The "it" group in that policy could be a Radius group imported on the FW?Or could be a way to map users to group? PS:it would be very useful if Palo Alto offered a free VM lab to test which we are learning, anyone know if it's already been provided? Many thanksAle

group palo alto.png

Resolved! Transport of Decrypt Port Mirror traffic to a remote Switch/Server

We've been trying to redirect the decrypted port mirror traffic to a remote sever in the network.If we plug a notebook into the decrytp port mirror of Palo Alto, we see all the decrypted traffic in Wireshark.So, we tried to connect PA port into a switch and use Cisco RSPAN to send the traffic to our remote Server. It just doesn't work.I may be f...

Resolved! What's The Difference Between Interface VLANs Tab and VLANS Section In Sidebar? (PA-220)

Hi all, I'm confused as to what the difference is between the "VLAN" tab under "Interfaces" in "Network and the "VLANs" section in the sidebar in "Network"? My goal is to create a couple of different VLANs for a network where certain traffic has to be segmented from other traffic. All of my ports are operating on L3. Thanks!

Resolved! Query on clientless VPN

We are told that the clientless apps only works with HTTP/HTTPS based apps, and therefore we cannot use it to allow MS remote desktop. This is the problem I am trying to solve. Our users currently use their own computers at home. They connect to the corporate network using Global Protect, but of course this could be a security risk if one of th...

NEED TO CREATE NEW VYSYS ON FIREWALL MANAGED BY PANORAMA

Hi Team, I am planning to create new vysys on firewall which already managed by panorama. In this case if i enable it from panorama and push the configurations to local firewall will create automatic device group and templet will be crated are do i need to create it manually. Please help me here @Bpray

saifulla by L0 Member
  • 2699 Views
  • 1 replies
  • 0 Likes

Resolved! Dynamic user group using HIP log tagging

Hi Team, I am trying to create a Dynamic user group using Log settings for HIP logs by the following procedure,1- created one Tag2- Configured log settings for HIP log for build in action tagging the source user with the tag created before3- created a dynamic group with the above tag as match criteria.The dynamic users are not getting registered...

NAT question

Hello all,we have configuration with dual ISP.From the 1st provider we get public IP directly on the PA2nd provider is with nat, i mean on PA we have private IP. When the route goes through the 1st one everything works fine. When we switch to the 2nd one there is a problems . In the monitoring tab i can see all requests to Internet zone ends w...

stef by L2 Linker
  • 4531 Views
  • 5 replies
  • 0 Likes

How export a specific log files from Palo Alto or Panorama like for example brdagent.log ?

Hello to All, How can for example the log fil brdagent.log be exported for checking physical issues like in article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNcBCAW&lang=en_US%E2%80%A9 or is there a way export all the logs (dp/mp/cp) ? Also should we first aggregate the logs on a firewall model 7000 befor...

GlobalProtect VPN Client Mac OSX Secure Input

I've got a user that uses keyboard maestro (an application) to run macros for software development. The issue is that keyboard maestro requires secure input (Mac OSX feature) to be disabled to be able to run. GlobalProtect since it starts as a service enforces secure input (the Mac osx feature) to be enabled. I've looked through the app config w...

  • 24395 Posts
  • 123 Subscriptions
Top Solution Authors
Labels