General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Avoid Attack from outise in PA

HI, 

 

We are having attacks from outside to DMZ. Many diffrents ips are attacking our public range. These attacks are causing packet buffer 100% and CPU 100%, doing an outage in our network. So in traffic logs we can see all sesiones being denied for

...

BigPalo by L4 Transporter
  • 3963 Views
  • 8 replies
  • 0 Likes

Global Protect with Azure MFA issues

PA3020 PANOS-8.1.7 GP-4.0.7

Using Radius server for auth.

Radius talks to Azure MFA for 2 factor auth.

Having timeout issues.

Sometimes user not getting MFA prompt on the phone.

If the get MFA prompt they will get auth errors.

 

 

Panorama help : How to reset rules hit count

Hello everybody,

 

I have to reset three policies usage in Panorama 8.1 firewall but in this version is not available this option in the GUI.

 

I guess I can do it from the CLI.

 

Can anyboy help me?.

 

Thanks in advance.

carlostg by L1 Bithead
  • 4916 Views
  • 1 replies
  • 0 Likes

Restart is disabled because no ike sa was established

We have IPSEC tunnel to vendor.

Tunnel is up 

Gui shows Phase 1 is red.

I can ping the IP on the tunnel on vendor side  which is Gateway for Vendor LAN.

Unable to ping the LAN IP on vendor side.

 

PA shows traffic is passing but nothing coming back from ve

...

MP18 by Cyber Elite
  • 2783 Views
  • 2 replies
  • 0 Likes

Firewall rules suggestion

Hello

 

I would like to have advices regarding firewall rules. I'm deploying a PA-3220 on my main site (site A). On this main site, I have several zones configured on my PA3220 (user, servers, dmz Intranet,). I have also 5 remote sites.

 

I must create a

...

Resolved! File Blocking rule logic

The following KB article states that the File Blocking rulebase is not top-down but based on action precedence. The article fails to mention anything on the function of the application column with regard to processing logic:

https://knowledgebase.palo

...

Allow traffic after "decrypt-error"?

Is there any way to allow traffic after "decrypt-error"? I get a lot of decrypt-errors showing up in the logs when SSL decryption is enabled. Most of it is from amazonaws.com (even though I excluded it from decryption). I would rather just allow the

...

Maxstr by L3 Networker
  • 12703 Views
  • 2 replies
  • 0 Likes
Top Solution Authors
Top Liked Authors