General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! PA-820 Terrible throughput

Hi All, I have a PA-820 running 10.0.3. Lately my main connection was a DSL connection that limited me to 12/1 (on a perfect day). However I finally got on to the Starlink Beta, hung the dish and started getting items setup. When I pass any traffic through the PA, I am limited to <14Mbps down, <1 Mbps up. I have a very simplistic rule set,...

JCRUM12 by L1 Bithead
  • 5551 Views
  • 3 replies
  • 0 Likes

Trouble routing VXLAN traffic as it enters the outside interface

Hello community,I am attempting to create a VXLAN over IPSec solution between my PA-3250 and a remote Fortinet FortiGate 61E. I have managed to get things configured correctly on the FortiGate (I think) as I am seeing the traffic entering on the Palo side. I am using Tunnel Inspection on the Palo side and it appears to be set up correctly. In th...

Want to use IPv6 for bi-directional nat for VC.

Hi, Want to use ipv6 for bi-directional natting only for VC. Want to know the procedure on how to configure it. I have tried https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/nat64/configure-nat64-for-ipv6-initiated-communication.htmlthis link but when I commit the configuration it's got failed.

Resolved! Problem acknowledging alarms

I have an issue where I click acknowledge alarm several times, but the firewall refuses to update the status of alarms to acknowledged. Is there some absurdly long undocumented lag? Anyone else have a similar problem?

PA OOB Managment Interface question

How can I get PAN updates via the MGMT Interface if its on an isolated network inside my organization. NOTE: Its not on the internal zone. The route is working as i can see my packets leaving via egress when i ping from the host connected to the MGMT port. I want to avoid using Service route configuration via the external facing interface. Cheers!

supruzer by L0 Member
  • 3032 Views
  • 2 replies
  • 0 Likes

How to control reverse DNS lookup through DNS SecurityLicense

The user was trying to send a mail from internal to external domain but it is blocking by sinkhole because it is showing as malicious traffic, however, we are able to receive from that malicious domain, Can we block reverse mail from an external server to internal using DNS license. In my case, it has received. Eg- User mail is [email protected] and ...

Resolved! Not able to see new threat ids

I have updated firewall contents to new version. After update also still I am not able to see newly added threat id under vulnerability protections profile under panorama. I can see those ids locally on firewall but not on panorama. Wha could be the issues? Any help would be much appreciated

BK0007 by L2 Linker
  • 4390 Views
  • 4 replies
  • 0 Likes

FTPS connection impossible with AntiVirus, AntiSpyware or vulnerability protection is enabled

I have an FTPS server behind the PA. When I enable either AntiVirus, AntiSpyware or vulnerability protection with default profiles it is impossible to connect to the FTP server over TLS. The below errors are seen. When I disable these protections I'm able to connect. Regards,Han. Command: PASVResponse: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,...

Han.Valk by L2 Linker
  • 7177 Views
  • 8 replies
  • 0 Likes

Resolved! How to prevent my firewall to stop responding to external DNS queries

Hi ,currently if anyone from public network uses the external IP of the firewall as a DNS server and try to send DNS query , my FW is responding to that queries which is high risk .how to stop FW from responding to any DNS queries knowing that the DNS proxy is not configured and our DNS security subscription is expired .

How to submit incorrect app classification?

I'm having some difficulty navigating this site. I want to submit the application "Xbox Music" as streaming music (http://music.xbox.com). Currently it's being classified under "xbox-live" (online gaming).

Maxstr by L3 Networker
  • 4218 Views
  • 3 replies
  • 0 Likes

Registering a PA-850 (won't allow me to register the device)

Hello everyone, My company recently purchased a used PA-850 from an Ebay listing. I have been trying to register the device so I can update the OS Version. However, when we attempt to register the PA-850, the system throws an error saying it is unable to find the serial number. Is this because the device is registered to another account alread...

How to force GlobalProtect user to always connect to portal

Hi Guys, For couple of reasons, recently I started to think - Is there a way to force the users to always connect to the GP portal first and don't use saved gateway config? I have noticed that we have lots of users connecting straight to the GP gateway and haven't been connected to GP Portal for days. I am trying to figure out a way to force the...

Not able to push and commit from the panorama.

Dears,I have added my firewalls in a panorama. but sometimes i am getting the below commit error:- VPN-SSL is not a newly created object. it was there since i added the firewall in the panorama. And the issue occurs intermittently.Panorama version - 9.1.2Firewall version- 9.0.8 your suggestions appreciated.

Jafar_Hussain_0-1608100763099.png

Múltiple Proxy ID PAN - Migration from FG using group address.

Hello guys! I'm on a manual STS VPN homologation from fortigate, and I have address pools declared in the encryption domains, which translates to too many proxy id's for palo alto, is there any way to configure this without having to generate so many proxy id? I know you can't use groups, but can you do something with variables or any ideas? Tha...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels