General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Upgrade PanOS On/Off Site Spare failure

Hi all, Figured I'd ask here before contacting support. Last weekend I upgraded my production PA's from 9.0.9 to 9.1.5. Everything went smooth. Due to company requirements we are to upgrade the software on the OSS box, yet it fails with content update. I have downloaded the latest content, panupv2-all-apps-8336-6373, and was able to upload it th...

Capture1.PNG
Capture2.PNG
Capture3.PNG

Resolved! Reverse proxy for Outlook to Exchange

Hello, Checking with the community if anyone has either tried this or is doing this. Scenario: Exchange on prem, external users using Outlook Have the PAN reverse proxy the connection from the Outlook client, external to internal traffic, to the Exchange on prem environment. So have the PAN SSL decrypt the Outlook traffic, inspect it, reenc...

Skip decryption for a certificate chain

Since all public CA's are not supported for decryption. How can we skip the decryption rule for those not supported so we have less tickets and lesser bad reputation. We can't have the list of all the websites from these unsupported CA's.

raji_toor by L4 Transporter
  • 5600 Views
  • 7 replies
  • 0 Likes

Degraded services after introducing Vwire + link aggregation deployment

New guy, trying to deploy a new Palo Alto 3260 to my internet edge for extra protection - When I bring my Palo Alto 3260 inline at my internet edge, I start to experience severe packet loss almost immediately. It affects VDI View sessions and our Cisco Anyconnect solution, that live behind the Palo Alto firewall. I'm using this PA FW, temporari...

Resolved! HIP Profile monitor only initially

Hello , We have got requirement to implement HIP profile for GP users ; But first we want to run it in Monitor mode without any enforcement or without blocking any users Below are the requirements OSWindows 10 AVMcafeeAV updates not older than5 daysPatch management/Disk encryptionEnabledFirewallEnabled So do i just have to create HIP Object w...

Resolved! Use office 365 as email relay?

Did I miss the option that allows one to configure a port, TLS, and authentication on the mail profile? We've moved to Office 365 and would like to send alerts/notices from our remote firewalls directly to the office 365 servers. We can use an iis relay as a solution to the issue but we would prefer the firewalls send direct to Office 365. TIA!...

GP assignments to DNS servers

Hello!Does anyone knows if it's possible that the information of IP assignment/deletion for Global Protect users could be updated to Windows DNS servers? Thanks a lot

BigPalo by L4 Transporter
  • 2118 Views
  • 1 replies
  • 0 Likes

BGP related query...

We have configured three interface :-1) Trust Network- Behind eth1/12) Untrust Network- configured on 1/63) Azure network:- Configured on 1/9 - We are planning to configure BGP in VR . Our Objective is:-1) BGP peering would be with ISP router connected on eth1/9.2) Only 1 host Server behind eth 1/1 can learn BGP routes and all other subnets an...

Correlated Event Log Fields Lacking

Is it me or is there no way to include the actual URL that was accessed by a network source in a "Correlation Log" event (v9.0.9 firmware) . From what I can tell on, other than a generic message like "Host visited known malware URL (X times)". It would be great to know "what" was accessed in the same event so that information can be made availab...

How to pull Custom Reports using API

Hi all,I have created some Custom Reports by GUI, query: action allow & addr src=<IP_address>.Now I am trying to pull those Custom Reports via API, but I cannot find documentation for this.Can anyone please let me know how to pull created Custom Reports using API from the Panorama.Thank you very much!Regards,

nguoiech_0-1603878899780.png
nguoiech by L0 Member
  • 2856 Views
  • 2 replies
  • 0 Likes

Panorama Confusion

I have a PA-3020 V8.1.7 and Panoram V8.18 VM (ESX) I simply require Panorama to both manage the 3020 and collect it's logs. I have tried to follow endless instructions on how to achieve this but now seem to be struggling with different Panorama modes and log collectors... I have added the additional 2T disc as required and although I can manage ...

Mick_Ball by L7 Applicator
  • 12759 Views
  • 15 replies
  • 0 Likes

FAILOVER IP with PALOALTO

Bonjour, Je suis nouveau sur ce forum veuillez m'excuser si je suis dans la mauvaise catégorie du Forum. Nous possédons 2 routeur PALOALTO series 800 en HA ACTIF/PASSIF.Vu que nos switch's ne sont pas compatible avec le NLB (Network Load Balancing de chez MS) nous souhaitons voir côté Routeur.Est-il possible de faire du FAIL-OVER IP sur les Rout...

ilyasour by L0 Member
  • 2732 Views
  • 2 replies
  • 0 Likes

Resolved! Unable to login to Minemeld WebUI

Hi, I created a new Minemeld instance on VMware fusion but unable to log in using the default username/password. I get this error "Error checking credential: bad gateway" Can someone please help. Logs ======= sudo -u minemeld /opt/minemeld/engine/current/bin/supervisorctl -c /opt/minemeld/local/supervisor/config/supervisord.conf statusmineme...

Traffic and Threats not visible in Panorama Monitor despite logs are send from FW to Panorama

It's a while since our system of 3 HA Palo Alto Firewalls stopped showing logs in Panorama. The logs are generated and forwarded to Panorama as in next two pictures:Panorama-receiving logsOne of FW sending logsTraffic and Threats not visibleOn one of webpages it was suggested we need additional license for wieving logs in Panorama? licensesSumm...

panorama-receiving-logs.jpg
firewall-sending-logs.jpg
panorama-gui-not-showing-traffic and threat.jpg
panorama-licenses.jpg
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels