General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Slow SMB Transfer (and everything else slow) over Global Protect VPN

Hi community Do you also have issues with low transferrates over globalprotect VPN? And maybe already have a solution for this? I tested the following setupClient connected with GBit LAN to the internal network without VPNClient connected with Gbit LAN to the GP gatewayClient connected to the internal network with MTU set to 1400 (like with GP) ...

Remo by L7 Applicator
  • 12946 Views
  • 3 replies
  • 0 Likes

Multiple global protect portals and gateway

Hello, we have 2 palo 850 with 2 isp:primary 1.1.1.1/28 backup 2.2.2.2/28most of the zones navigate with the primary and few with the backupWe have a failover to the backup in case the primary isp goes down.We have globalprotect portal and gateway with a loopback interface all on the primary (1.1.1.5/32) vpn.domain.itThis days we are all smart...

Matteo by L1 Bithead
  • 11220 Views
  • 3 replies
  • 1 Likes

Impact to active sessions when we change a firewall NAT policy

We are going to change a source and destination NAT policy. Assuming the related security policies are in place for both the before and after change connections, are we going to see impacts to those sessions that have been active before the NAT change? For example, the NAT is to change connection source and destination from (10.1.1.1 to 10.11.1...

skuo2020 by L1 Bithead
  • 3768 Views
  • 2 replies
  • 0 Likes

Why traffic log shows that traffic match allow policy but the result was reset by default deny policy?

Does anyone have following experience and could give me some idea to fix this issue? Thanks a lot ~ I found sometimes the traffic log shows that traffic match allow policy but the result was reset by default deny policy. For example: I have a policy for allow some users to access TCP 58975.I checked traffic log and I found traffic be reset by in...

圖片1.png
圖片2.png
圖片3.png
neilwu by L2 Linker
  • 2778 Views
  • 1 replies
  • 0 Likes

Unable to access the https://panwdbl.appspot.com

Hi All, Today we have a PA Firewall and MineMeld unable to access the https://panwdbl.appspot.com is this down or decommissioned. Tried going to this URL and I get a 404 error? Has this page moved and I missed a notification, down for good or just an outage? Obviously impacts some of the EDL. Regards James Chim

http://panwdbl.appspot.com - Not Working

Do you make use of the EDLs available here? If you do you may have noticed they've disappeared, Google says the page doesn't exist. You may want to look for alternatives if you're using these lists. Jason

ethiSEC by L2 Linker
  • 6538 Views
  • 3 replies
  • 2 Likes

PBF for Guest Network

Hello, I'm trying to route all GUEST traffic on a PA firewall to ISP-2. I understand you can use PBF on the PA firewall to route based on source address. I don't have a lot of experience with PBF and have encountered a few issues when trying to implement this. Some questions I have1). Do I need a 2nd VR to do this? 2). Do I need 2 new security ...

jocisneros_coe_1-1614805195327.png

Resolved! Application dependency Warning

Hello, We implemented the blocking policy for the custom URL categories however now once committed we receive commit warning like the following: Application 'dropbox-base' requires 'web-browsing' be allowed, but 'web-browsing' is denied in Rule 'outbound-advertisement-block'Application 'google-drive-web' requires 'google-base' be allowed, but 'g...

Farzana by L4 Transporter
  • 8674 Views
  • 6 replies
  • 0 Likes

BGP show Local RIB before Import filters

Hello, After applying Import filters in BGP the Local RIB is reduced to a filtered set of routes advertised by peers. However it seems to be impossible to see what the original set of advertised routes is. The peers are still advertising these routes, but there seem to be no methods in the GUI or CLI (show routing, debug routing ...) to see thos...

Resolved! Panwdbl.appspot.com unaccessible

Hi All, Looked at my nodes today and it looks like https://panwdbl.appspot.com is down or decommissioned. Tried going to this URL and I get a 404 error? Has this page moved and I missed a notification, down for good or just an outage? Obviously impacts some of the DBLs I have. Regards Adrian

a.jones by L3 Networker
  • 19024 Views
  • 8 replies
  • 0 Likes

Failed to setup Local log collector on Panorama VM

Hi community, I want to setup new panorama VM to replace old panorama M-100 and accept new devices.I have deployed a vm on ESX with one disk of 81Gb and second disk of 2Tb.Panorama running version 8.1.13,you can see partial output of show system info to understand system mode and ressources allowed to VM.**********system-mode is panoramaoperatio...

vmplayer_ih9AGwttKU.png

Mac OS Big Sur support

I have accidentally upgraded to Mac OS Big Sur, since then Global Protect app is not able to connect to VPN. Should I expect Global Protect to work on Big Sur already? Or is it on the way? Thanks

Resolved! Meraki and Palo side by side with Palo using BGP

We currently have this setup in our datacenter. The Meraki HA pair is the VPN endpoint for our 120+ remote sites. In a DR situation the datacenter has IP mobility, where our current static IPs will failover. This setup uses BGP through the Palo. With BGP enabled on the Palo HA Pair and datacenter’s internet the Meraki HA pair is inaccessible, wh...

setup.jpg
Screenshot 2021-03-02 132554.jpg
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels