General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Dual ISPs, VRs, and BGP Configuration Advice

Hello!

 

Not new to networking, but new to PA, so looking for some configuration advice.  Have a PA-3220 and would like to add a second ISP connection for redundancy.  If that was all then it seems pretty simple and I've found several KB articles on ho

...

ACC tab "Applications using Non Standard Ports"

Hi PA Live Community,

 

Still a newbie to the whole PA world but slowly getting there.

When looking at the ACC tab of the GUI I can see there are entries for  "Applications using Non Standard Ports" and also  "Rules allowing Applications on Non Standard

...

Rule Screenshot.JPG
ACC Screenshot.JPG

Testing non-http mfa feature with GP

Hi there.

 

Documentation is rather slim here. I've set ut MFA for web site access, and it works. When testing it for non-http, accessing a SSH server, it kills the SSH connects, but no 2FA challenge on my GP. 

 

What am I doing wrong? What's needed?

 

I'v

...

gtomte by L3 Networker
  • 10466 Views
  • 11 replies
  • 0 Likes

Resolved! HA1 Backup Down - PA220 9.0.4

Hi All,

I have followed the PA design for creating an HA Active/Passive pair of PA220s.

 

I see however that HA1 Backup is showing red/down.

 

Attached are the relevant sections and a High Level Topology of the HA setup.

 

Any advice?

If I reboot the active

...

HA Screen 2.JPG
HA Screen 1.JPG
HA Screen.JPG
PA Topology.JPG

Resolved! SSL Decryption URL and App Filter

Hello everyone,

I have to block some URLs and applications as per our company policies. Since we dont have a general rule from the inside zone to the outside (Internet), we are very restrictive in our access to the internet, and since there are some w

...

joseglez by L1 Bithead
  • 3420 Views
  • 2 replies
  • 0 Likes

SD-WAN policy name not showing for ping application

In our demo SD-WAN setup we have a couple of SD-WAN rules for ping traffic and also a catch-all rule for all unmatched traffic. For most of the tested applications everything is fine. But for ping (and traceroute) the SD-WAN policy name field in traf

...

santonic by L6 Presenter
  • 2159 Views
  • 0 replies
  • 1 Likes

Resolved! Outbound RDP access

I just heard one of my coworkers saying we need to block outbound access to RDP, I didn't have chance to follow up with him what him because of COVID-19.  I am trying to to understand what would be the reason, is that a best practice possibly?

 

 

Amin2 by L2 Linker
  • 4756 Views
  • 4 replies
  • 0 Likes

FIPS 140 and CC enabling?

Couple of questions on FIPS.

 

  1. When you enable FIPS140 on a Palo it wipes the device. Can you just reload your last saved?
  2. Can a FIPS140 enabled device talk to a non-FIPS device over an ipsec tunnel provided the cyphers are compatible?
  3. FIPS disables PAP.
...

  • 24293 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors
Labels