General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 14544 Views
  • 1 replies
  • 4 Likes

Resolved! Load Partial Config: merge vs append

When loading a partial config you have 3 options:  replace, merge, append.  I can't find a description anywhere as to what exactly each of these does!  Especially between merge and append.  I did see this KB article but it really doesn't explain the

...

mausmus2 by L3 Networker
  • 7356 Views
  • 6 replies
  • 0 Likes

ACS Accounting to PAN

I have Cisco WLC and use ACS for radius authentication.  I'm trying to configure PA FW to use those accounting logs for User ID.   I'm following this article but it's not working https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000

...

MikeC by L3 Networker
  • 599 Views
  • 0 replies
  • 0 Likes

Packet Flow Sequence and Application Override

Hello everyone,

I have a question regarding the "AppID override" ,

In this article "https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0" we can read the following:

"
Special Note about Content and Threat inspection
Applicatio

...

Resolved! TLS 1.3 is Coming - How to deal with it????

My security counter parts came to me letting me know that in Chrome version 70.X+ TLS 1.3 will be turned on by default.  This appears to be causing problems in our current firewall deployment:

 

A/P HA-par 5220s running 8.0.10 (soon to be 8.0.12).

 

It l

...

TLS_Error.png
TLS_1.3.PNG

Problems with ping due to SSL decryption

Hello

we have PA 220 model

and when we implement SSL decryption we can observe the ping delay in our trust interface.THE cpu load is 50 %

when we turn off the SSL decryption everything is normal

Radmin_85 by L4 Transporter
  • 1218 Views
  • 2 replies
  • 0 Likes

Resolved! Cannot access PAN Webgui

Hello,

 

Recently we performed a decrypt change to allow website to bypass decryption.

Now no user can access the PAN Webgui https.

Tried in different browsers and from different machine but no change.

Connection to FW via putty session is fine. 

We have r

...

Webpage.jpg

Issues with the MineMeld Microsoft EDL's

For the last couple of weeks we are running into an interesting issue with our Office365 EDL's.  We pull the Office365 API based IP/URL list into Panorama using MineMeld.  This process is working perfectly.  We have compared the output within MineMel

...

Need information on DHCP Relay

Hello. To start I had a DHCP server configured on one of the interfaces on our Palo 810 PanOS 8.1.2. The DHCP addresses being handed out were not being registered with our DNS server so I was tasked to make that happen. I figured I would just set up

...

IPsec tunnels, VPN features & licensing

I have a few PA 200's all with base license ready to install for a multisite company that needs a full mesh all over broadband internet. I am willing to manually configure each IPsec tunnel one by one if that is a free option that does not require ad...

Full mesh for multi site over broadband

I have a few PA 200's all with base license ready to install for a multisite company that needs a full mesh all over broadband internet. I am willing to manually configure each IPsec tunnel one by one if that is a good free option that does not requi...

How is sliding sequence window made?

Hello,

 

I found below on manual:

The Palo Alto Networks Firewall creates a sliding sequence window starting with the original ACK (the window size is based on the type of traffic within the session). It is expected that the packet sequence numbers with

...

yhlee1 by L2 Linker
  • 1010 Views
  • 0 replies
  • 0 Likes
Top Liked Authors