General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Frequent connectivity issue- How to collect Globalprotect logs?

I have a user who is complaining about a frequent connectivity issues that happens throughout the day on Globalprotect VPN. I don't see any logs on firewalls but want to check the client logs. Is there a way we can collect logs on GP clients for a whole day but not on-demand(as the issue happens at random intervals)? Thanks.

GlobalProtect: The server certificate is invalid

I am trying to configure GlobalProtect (hereafter: "GP") TLS VPN on a PA-3050 running PAN-OS 8.0.6-h3. I am working with a GP client version 4.0.5. I have successfully configured GP so that I am able to connect when using a self-signed certificate in the SSL/TLS Service Profile used on both the GP Portal and Gateway configuration; however, whe...

PPPoe connecting to Centurylink / Qwest

I am replacing ASA boxes with PA. Currently the DSL modems are set up in "transparent" mode. This means that the firewall makes the "call".The ISP assigned a block of static IP's and at least in case of the ASA I do not need to specify anything else other than the credentials and type of Authentication to connect to the ISP whom in turn hands ou...

A1_IT by Not applicable
  • 6955 Views
  • 5 replies
  • 0 Likes

PPPOE Not Establishing

I am trying to connect a Palto Alto (in Ebano, Mexico) via PPPOE and it will not connect. As described in the PA doucment the interfeace is tyring every 3 seconds but getting the following "'PPPoE session failed to connect for user:u1st on interface:ethernet1/3. Reason: No PPPoE Offer receive" in the system log. A Cisco Router can use the same c...

Permissions for dependent application under parent application to inbound destination

Hi All, I am in the process of migrating from Lotus Notes to O365. The migration requires a ton of IP's being permitted from the outside inbound to my migration servers in my data centers. Rather than call all of those IP's, I am instead permitting any traffic from the outside inbound to these servers on application ms-office365. However, when...

Sip ALG

Hi community,I have seen lot of Palo Alto documents and some blogs saying about ALG functionality issue in firewall.I am facing some issues randomly with ALG functionality in firewall, I have seen documents says to disable ALG in PA, but my sip server/client is not aware of NAT, and I don't have any STUN servers.Does any body faced this kind of ...

HA Upgrade Path 8.1 to 9.1

I have an HA pair of firewalls on 8.1. Do I need to upgrade both to 9.0 and then 9.1 or can I upgrade one all the way to 9.1 and then the second from 8.1. to 9.1?

Monitoring HA state with graphite

Hi there, i am currently working on a grafana dashboard to monitor a pa-3xxx cluster. getting numerical values by snmp with collectd is no problem. and it ist great for displaying the data. collectd can't handle strings, but the ha state ist totally string-based. does anybody know a way to get the snmp output parsed an sent into graphite? is the...

palo_dashboard.jpg
skemena by L1 Bithead
  • 3031 Views
  • 1 replies
  • 0 Likes

Resolved! Jumpcloud RADIUS Auth failure

Hi, I have configured a RADIUS profile to use a "Directory as a service" provider (JumpCloud) for authentication, I have tested this with LDAP and everything seems to work as intended but when I configure the Radius profiles and test authentication via the cli I get the following responseFailed EAPOL auth (-1). Response for user: "bob" from RADI...

Marc_T by L2 Linker
  • 12199 Views
  • 7 replies
  • 1 Likes

Expedition 1.1.88 hangs during XML export due to ASA Tags/Objects

I have a repeatable issue with Expedition. I have an ASA with 3 contexts, no matter how i import them, export refuses to pull out tags cat /etc/tmp shows: Notice: Undefined offset: 0 in /var/www/html/libs/common/xml/panosxml.php on line 1752Fatal error: Uncaught Error: Call to a member function addChild() on null in /var/www/html/libs/common/xml...

what is mean ---authentication cannot have more than one subconfiguration

I use two PA820s for ipsec vpn and used certificate-Based Authentication for IKEThe 820-A version is 8.1.6 and the 820-B version is 9.1.4.820-A configuration ike gateway no problem。820-B will report an error when configuring ike gateway ,authentication cannot have more than one subconfiguration,I attach a screenshot for reference.Do anybody ha...

Felixcao by L3 Networker
  • 3952 Views
  • 3 replies
  • 0 Likes

Allow Sub-URL to Specific IP

Hi All, We've 'abc.com' as primary URL which should be accessed by all. sub URL - 'abc.com/odata' should be allowed to access only to specific Public IP which we mention. Please suggest how we can apply these policy in PaloAlto. Thanks,Sathish

Changing an appliance management IP on a Panorama managed appliance

Hello, I have to reconfigure management IPs on PAN-OS 8.1.x firewalls, which is managed also by a Panorama 8.1.x server. My thinking re process is as follows: Add new policy to allow Panorama to new Mgt IP on applicable firewalls and vice versa.Reconfigure management IPs on firewalls (locally)Reconfigure Panorama device groups etc with new manag...

gcampbe9 by L0 Member
  • 2887 Views
  • 1 replies
  • 1 Likes

Device Health Status

Hi Team, We have few firewalls (5520,5260, 3220 and 3260) managed by Panorama. I wanted to check the health status of those firewall. I found some of them are in Deviating Devices list due to the memory / CPU consumption. For example, in some devices the memory is 18% and it is in Deviating Devices list. Some devices memory utilization is 22 %, ...

How to fix this vulnerability in palo alto?

Hi, Please help to resolve the following vulnerabilityVulnerabilities :1. HTTP DELETE Method Enabled (http-delete-method-enabled)2. HTTP OPTIONS Method Enabled (http-options-method-enabled)3. TLS/SSL Server Supports The Use of Static Key Ciphers (ssl-static-key-ciphers)Thanks in advance

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels