General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

SD-WAN OSPF

Hello Team, I just wanted to know that does PA SD-WAN supports OSPF ??Or it only supports BGP. My use case is as below Branch and a Hub to SDWANI have Internet links and Orange MPLS links and I have OSPF on OBS router and on the firewall After config of sd-wan i have Internet links and the SDWAN Tunnels (on the branch) ad also Internet links, t...

Swetang by L1 Bithead
  • 4277 Views
  • 2 replies
  • 0 Likes

URL Block / Continue on SSL - doesn't continue, page just refreshes.

I have a "continue" policy set on newly registered domains category. If I visit a site with https I see the continue page but upon clicking continue the block page just refreshes (the guid in the address bar changes). If I visit the site without SSL, the block page appears, and clicking continue will correctly take me to the site. What have I...

cenders by L3 Networker
  • 2837 Views
  • 1 replies
  • 0 Likes

Apps/Threat out of Sync on Passive Panorama.

On one set of panoramas I noticed that the Apps/Threats are out of sync. The passive device downloaded, but did not install the update like the active device did.The active device is set to sync with peer during the scheduled update. The trouble is that I cannot update the passive panorama because that is considered a policy change. I was wonder...

Resolved! Using public range of IPs

I have a bit of a silly question to ask but my mind is drawing a blank on this. If you have a connection from the ISP, say the static IP range is 14.1.1.0/30....their router is 14.1.1.1 and the PA FW will be 14.1.1.2. Simple enough but what if they also give you a usable range of IPs to use, say 15.1.1.0/27. To use these IPs , would you need...

ce1028 by L4 Transporter
  • 6776 Views
  • 6 replies
  • 0 Likes

File blocking

Dears,I am not able to block msi file via file blocking profile.I have created a file blocking profile to block msi and different types of file extensions to block by the policy.Then I tried to open exe file in the chrome browser which is working fine means block as expected. However, when i try to block msi file. It is blocked at the first time...

Jafar_Hussain_0-1606461774177.png
Jafar_Hussain_2-1606462014421.png
Jafar_Hussain_1-1606461839870.png

Resolved! Interzone Static Routing

Hi all, I'll preface this as I'm the sole networking guy at my job and I'm still green. Apologies for any dumb questions, I've tried to read the manual for relevant info and used my google-fu to no avail. I'm using a PA-3020 on firmware 8.0.6. I've been asked to integrate a new Cisco ASA for a financial system that allows a tunnel between my sit...

Resolved! Status Incomplete

Hello,what does this mean and how to solve it?When doing an show arp all:No MAC is displayed at an IP address. Any help is welcome, thanks in advance 🙂

Davevanwijck_0-1606816998706.png

user-id server monitoring error: NT code 0x800705af

Dear community, I´m trying to add a new AD server to server monitor list in order to retrieve user-ip mappings and get the following error:" WMIC message from server XXXXXXX: NTSTATUS: NT code 0x800705af - NT code 0x800705af " Does anyone have any idea what that means and how to fix it? Thank you!

Carracido by L4 Transporter
  • 2595 Views
  • 2 replies
  • 0 Likes

Resolved! Password Profile

Hi Experts We need to setup a password profile with the no expiry condition for the service accounts which has read only privileges. Version is 8.1 1. If we set the Required Password Change Period (days) to 0 days, does it mean it's expired (with 0 days left) or is it never expire ? 2. And, if we didn't set the password profile to any account w...

Live Community members - we want your feedback!

While we may operate the community from day-to-day, the Live Community is really YOUR community. Sure, we may have ideas about what might be helpful or interesting but since the community is yours and exists to help you, we ALWAYS welcome your ideas, input, and suggestions. Not finding what you need? Let us know. Having difficulty navigating to ...

Resolved! Office 365 App-ID

Hi, We are in the process of implementing office 365. May I know what is the correct APP-ID for the below services? Please share if there is any best practice document for this. Microsoft StreamAudio ConferencingMy AnalyticsAzure Active DirectoryAzure Information ProtectionPrivileged Access ManagementPrivileged Identity ManagementManagement an...

Resolved! HA Cluster Network Topology

Hi Everyone, I'm new to Palo Alto and now I plan to deploy 2 Palo Alto 5250 in HA Cluster mode, each firewall take place in a Data Center. This two Data Center is in same City. That why I think HA Cluster suitable in this situation. These 2 new firewalls is replace for a Cluster Check Point Firewall. After reading all document about HA Cluster I...

QuangLe by L1 Bithead
  • 12546 Views
  • 8 replies
  • 0 Likes

Lot of non-syn-tcp

Hi Experts,we have a lot (I mean a LOT :-)) of non-syn-tcp traffic on our PA5220 cluster. The PA is in an enterprise company. Are we sure that the non-syn-tcp means that there is an asymmetric flow? Let me give you an example: 1) Host A sends a SYN to Host B passing through PA2) PA recognize it properly and establish a sessione in its session t...

paboy1 by L0 Member
  • 11287 Views
  • 2 replies
  • 0 Likes

Resolved! PA 5220 aho and dfa offload

Do i need to enable aho and dfa or not ? Running 8.1.9 on PA 5220 debug dataplane fpga stateaho offload not readydfa offload setupUse software only

MP18 by Cyber Elite
  • 6941 Views
  • 7 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels