General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Is Anyone Able to To Set Up Google Authenticator For CSP Access?

This in regards to accessing the Palo Alto Customer Service Portal (CSP). We have enabled 2FA at the system level for CSP access and are using email for 2FA. I am following the directions here for setting up Google Authenticator instead of email for 2FA access. How to Enable Google Authenticator - Knowledge Base - Palo Alto NetworksHowever I a...

Resolved! EDL IP list entry..

Hi Team, We have EDL configured and there are many IP entries in that EDL but now for some reason we have to keep source address in edl as blank. Can you confirm that removing source address will not impact the list of IP entries in that EDL since we want entries to keep using. Thanks,Om

Resolved! MSMQ (TCP1801) - Unknown TCP

Hi guys,I have an issue allowing traffic between different components of the SolarWinds on port TCP/1801 for the application "Microsoft Message Queuing (MSMQ)". The traffic is recognized as unknown-tcp. I tried to identify an application that could match msmq but no success. Since this is Microsoft app, I'm pretty sure I miss something since I c...

BogdanS by L0 Member
  • 3740 Views
  • 1 replies
  • 0 Likes

Resolved! The installed version of PanOS on my pa-3020 is different then the installed version listed on my name configuration snapshot. Is this a bug?

On my pa-3020, we have PanOS 9.1.4 installed, 9.1.4 is shown as the installed version on the PanOS web UI. However, when looking at the name configuration snapshot, the name snapshot says the installed version is 9.1.0.Is this a common error to see a different version installed on the pa-3020 PanOS web UI, and what PanOS says is installed on th...

Resolved! Enabling IPV6 S2S site to site VPN tunnel

Does anyone know how or were I can locate documentation on enabling and adding IPV6 IP into my existing VPN tunnel? I have been looking in Beacon training but I cant find what chapter or training this actually falls under. All I was give from the customer were IPV6 Ips that I have to add to my FW. FW is on 9.1.6. Thanks in advance for the help.

Resolved! Request to Palo Alto to add internal scripting options like Linux/Unix crontab/cronjob etc.

Hello Palo Alto, I have seen many issues where the customer needs to restart the managment server service because of a memory leakage bug and having the option to schedule a command like "debug software restart process management-server" (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaGCAS ) or the web processes ('...

Data Filtering timers and inner workings

Hello, Live Community! I've been using Data Filtering profiles for a while now and they work really well, but it has come to my attention that I don't really know some of the inner workings of it, specially today when someone asked me about it, so... Does DF work with timers? I mean, what's the time range for detecting a data pattern/regex/file ...

CMachado by L2 Linker
  • 3098 Views
  • 1 replies
  • 0 Likes

SolarStorm attack - Share your thoughts

Hi everyone, we know there is a lot of news about the SolarWinds supply chain attack (SolarStorm Attack), and we want to let you know that we are here to help and want to make sure you have all the resources and information you need. We put together a blog sharing all the different ways Palo Alto Networks can help you navigate during this time....

agalindo by L1 Bithead
  • 9671 Views
  • 7 replies
  • 7 Likes

active/passive BGP - Data plane VLANS

Hello, I'm doing an active/passive set up with BGP. I will have a router to a the active FW. I will have different router to the passive FW. The second FW will only have BGP peers up when the active FW fails. I am going to have VLANS for the HA 1 and HA2 links. Do I need to have the data planes (data port dmz interfaces) spanned across the FWs...

Jedi_D by L2 Linker
  • 2384 Views
  • 1 replies
  • 0 Likes

Resolved! Can't get traffic to GP VPN clients

I'm trying to figure out how to get traffic from my internal network to my GP VPN clients. At the moment I can't even ping the remote users. They can access all corporate resources without issue I just can't seem to get any traffic out to them. It seems I have this issue with any tunnel.xx interface. Is there something obvious here that I'm miss...

Resolved! CLI - view pending changes by user from CLI

Hi all - if I have a user account that is submitting changes via the CLI, is there a way to see all the changes made by a certain user? Also, is there a way to commit changes for a certain user only? The only "commit" operation I see from the CLI is 'commit-all' and it looks like I can specify what to commit by object type - template, template-...

Resolved! What is the best way to import a device state to an old device

Recently we faced an issue with one of the firewalls so we thought to replace with a spare one. we took the device state backup and imported it into the Spared firewall. It was running the same OS and same hardware. But It was NOT factory reset, it has the configuration and we didn't do it factor reset and uploaded the device state backup. but t...

vsingh by L2 Linker
  • 10262 Views
  • 8 replies
  • 0 Likes

How do I remove diffie-hellman-group1-sha1 from SSH on mgmt port? And how to push it via Panorama?

Hi,How do I remove diffie-hellman-group1-sha1 from SSH on mgmt port? I've removed the CBC ciphers, but my vulnerability scanner is still showing that diffie-hellman-group1-sha1 is still available for SSH. I'd also like to know how I enforce SSH server ciphers or other parameters on management ports via Panorama. I have about 60+ firewalls of var...

User ID v. UPN

We are moving to Office 365 and standardizing on UPN for identification. This required that we create a new UPN suffix for our AD domain. We decided to have our UPN match our email address format. Below are samples of each attribute format: FQDN for AD Domain: foo.domain.com NetBIOS Name: FOOImplicit UPN: [email protected] UP...

mchaffin by L0 Member
  • 6428 Views
  • 2 replies
  • 0 Likes

Resolved! Palo Alto 7000 heartbeat backup icmp fail

Hello to All, From time to time the ICMP fails for the management connection between two firewalls model 7000 with 8.1.x version. The issue causes a failover but the 7000 firewalls have dedicated interfaces for HA and the management should be used only for Heartbeat Backup as described in https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-ad...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels