This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! About APP-ID icmp and ping.

Hi guys.I have question about APP-ID that ICMP and PING. I found that some document said "ICMP is all of icmp procol and PING is only ICMP type 0 and 7 is echo request and reply".When we have white list security policy, For open a PING application, Shoud we open ICMP and PING also? I think they has got app-dependency so ICMP must be opend and al...

ttongfly by L3 Networker
  • 10196 Views
  • 4 replies
  • 1 Likes

Adding L3 to vWire PAN

I currently have a PAN 3220 sitting in serial behind a Cisco ASA. The PAN's doing the higher level inspection, geo, correlation warnings, content filtering. I had written earlier on the forum about wanting to implement layer 3 on new interfaces and it sounds possible. I've added interfaces inside and out and marked them as layer 3 and added them...

palomed by L3 Networker
  • 2981 Views
  • 2 replies
  • 0 Likes

Resolved! Certificate ca status from the CLI

I have successfully loaded my device certificate and a CA certificate from the CLI - took some seraching for format of the certificate strings, but they're in there now. One problem. In a firewall I have previously set up I show (in set format) the certificate stanza:set shared certificate wanroot subject-hash ffffffffset shared certificate wanr...

Palo Alto OSPF routing./wild card mask configuration.

Folks,For OSPF configuration on the Cisco router, we normally define a wild card mask. e.g. network 1.1.1.0 0.0.0.255 area 0.What this configuration tells the Cisco router is to form OSPF neighbor with all IP address that being with 1.1.1.x IP address. Do we have any option of configuring such a wild card mark on the Palo Alto firewall? Or on t...

nson2139 by L3 Networker
  • 2787 Views
  • 1 replies
  • 0 Likes

Trouble with multiple IPsec VPN Tunnel

Hi all,I'm a fresh man to paloalto devices and I'm facing a problem.Site A has a subnet 192.168.100.0/24. Site B has 192.168.40.0/21. Both sites use PA820.Site A has a IPsec tunnel to Site B. This tunnel is running good.Now we have a new Site C, 192.168.52.0/24, using a non-paloalto firewall. I can set up a tunnel between B and C , C can access ...

mercurr by L1 Bithead
  • 6251 Views
  • 6 replies
  • 0 Likes

want to create two region in same country.

Hi, I am facing an issue regarding the region configuration. I want to create two custom regions. I have tried, in the name, I added India and checked geolocation and added the coordinates of a city. This scenario is working. When we keep the city name (for e.g. Mumbai) and added the coordinates of the city it is not working. And we cannot keep ...

File Blocking feature not working with owncloud-uploading application hosted on NGINX web server

Hello everybody, the thread subject is pretty self explanatory. I'm playing with the file-blocking feature and doing some testing. What I've found in my lab environment, using both PAN-OS 10.0.1 and PAN-OS 9.0.9 and both VM-Series an PA-820 appliance, is that file blocking is not always working with application owncloud-uploading. I have a fil...

grenzi by L3 Networker
  • 4583 Views
  • 2 replies
  • 0 Likes

LSVPN versus Cisco DMVPN

Looking for some feedback on anyone's experience with both/either. In the Cisco realm say a mesh of 50 some sites each router has a tunnel between each site and a connection can go direct to the other location because routing is shared across the entire mesh. In Palo's LSVPN solution is that how it works as well? Are routes shared between each ...

view the urls hitting default interzon policy

Hi team, We have a url filtering profile created for monitoring with action of all category as alert. And this profile has been called on default interzone policy (action deny). But nothing is gets logged, we have many traffic hitting default interzone policy and the aim is to monitor urls hitting this policy. Can anyone help on this?

Resolved! LACP PROBLEM

Hi all, I have some problems with LACP. Sometimes, randomly, the interfaces move out of AE-group.I can see from log this error message: "receive PDU partner does not match local actor ".Below the file l2ctrld.log . 2019-09-17 23:19:54.588 +0200 ethernet1/10 idx 73 received pdu partner does not match local actor 2019-09-17 23:19:54.588 +0200 R...

Chango by L1 Bithead
  • 45057 Views
  • 10 replies
  • 1 Likes

GlobalProtect Version 5.1.6 has Browsing Issues on MacOS 10.15.6/7!

Last week I updated GP on our 5250 firewall from 5.0.4 to 5.1.6, which according to this website is the recommended version to use. After MacOS users updated their GP adapter on their laptop, many of them started to have connectivity & surfing/browsing issues! Until now, I know for sure that this problem affects MacOS versions 10.15.6 & ...

LACP Nego-fail issue between firewall and CPE router - Expected Behaviour?

Hi Live, I'm experiencing an issue with a setup of aggregated ethernet interfaces configured with LACP simply for redundancy connections between our HA Active/Passive firewalls and Cisco ISR 4451 routers. I'm wondering what steps to take as regards packet captures on firewall interfaces to figure out why negotiation will fail.Or is this expected...

SirchRettop_1-1603974307593.png
SirchRettop_0-1603973539042.png
SirchRettop_2-1603974600046.png
SirchRettop_4-1603975405930.png

License expiry

We're waiting for our new licenses to come through and getting a little nervous, of particular concern is our PAN-DB license which has the expiry date as 11/2/2020. It is my understanding that custom categories will work and it's just PAN-DB look ups that will not - what about the Allow List in the URL filtering security profile? (it's an old v...

kradmin by L0 Member
  • 2390 Views
  • 1 replies
  • 0 Likes

Resolved! How to access to linux mode in PA ?

Hello community, Can you help me with this? I need to know if its possible to instal Nagios Package into Palo Alto, hence how do I get access to the Linux Based Commands on the platform, I understand that PA is build upon Fedora. Any guidance will be much appreciated

Apadilla by L3 Networker
  • 24353 Views
  • 5 replies
  • 0 Likes

Anyone knows good tool/excel macro for searching egree interface?

*** I know Expedition Tool might have this feature, though please reply with others if possible *** The customer gave me one config which includes 500 static routes, 10000 address objects and 2000 serurity rule (without zone information...imagine cisco ASA or Checkpoint config)I want to determine src/dst zone for each security rule.To do, I need...

emr_1 by L6 Presenter
  • 2407 Views
  • 1 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks