General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ignite 2020 Event Information

LIVEcommunity Ignite 2020 Event Information Ignite 2020, our all-virtual event is right around the corner so we put together information about what you can expect and how to register! Read the blog here. Now that we've shared a little bit more information about the event, we encourage you to use this discussion to engage with us and a...

jennaqualls by Community Team Member
  • 3238 Views
  • 1 replies
  • 4 Likes

IPSEC VPN - Cannot ping across the tunnel. Both Ph1 and Ph2 tunnels are up.

Hi All, I have set up an IPSec VPN tunnel which seems to be up; however, I cannot ping from my local LAN IP on tunnel interface to the other side LAN interface of the tunnel. NOTE - Other end of the tunnel is terminated on ISP network where we are using their MPLS network to connect our global sites. My side Palo Alto firewall has tunnel.11 inter...

Rutvij by L0 Member
  • 14697 Views
  • 3 replies
  • 0 Likes

Internal host detection when using prelogon then on demand connection

Hey guys, so I have finally managed to set up my pre-logon environment and it's working great. Only problem is now that internal host detection is not working... It works well on my non-prelogon portal. Is there any fix for it? My setup under the pre-logon portal --> Agent has both pre-logon and user logon uses prelogon then ondemand connectio...

Shadmin by L1 Bithead
  • 4464 Views
  • 2 replies
  • 0 Likes

Resolved! Authentication error after upgrading to 7.0.x

Hi, I've one issue after upgrading for one of my clients from 6.1.6 to 7.0.7 regarding Radius authentication. Authentication was successful till we upgraded to the new version. After the upgrade we are getting the error "Number of Access Domains and roles doesn't match for the user". Only local admins can log in but not Radius admins. When I chec...


RST First packet isn't a SYN flows (RST Both) + Deny action for NFS (?)

Hi Experts, I'm right now dealing with a situation where occasionally I need to reset NFS sessions within an HA A/A PA 5220 cluster (see also https://live.paloaltonetworks.com/t5/general-topics/pan-os-session-table-clearing-gt-no-rst-fin-connection-sent-out/td-p/355556). More generally, how can I configure the Palo Alto Firewall to RST (instead ...


3020 randomly shuts down

Hello. I'm hoping that someone might have some suggestions of what's happening here. For the past week I've been dealing with a 3020 that randomly shuts itself down and requires a power cycle to get back online. Thursday and Fri of last week we'd randomly lose internet connectivity. I could still access the Palo from the LAN but we'd need to rebo...

dpsmith by L0 Member
  • 2679 Views
  • 1 replies
  • 0 Likes

Resolved! Using Palo Alto firewall as a proxy (anonymous browsing + URL filtering)

Hi all, We currently have a setup using a Forcepoint Content Gateway for proxy server with an external facing Palo Alto 850. The main reason we use the Forcepoint appliance is for: 1. "Anonymous browsing" (no leakage of internal IP spaces) 2. DLP 3. URL Filtering. Ideally, I would like to remove this appliance to simplify our setup and I under...

Gregoryp by L1 Bithead
  • 10289 Views
  • 2 replies
  • 0 Likes

PAN OS Session Table Clearing -> no RST/FIN Connection sent out ?

Hi Experts, I have the following situation. I'm running an A/A HA Cluster based on 2 5220 PA Appliances (PAN OS vers 9.0.x). Occasionally (following a failover event) we noticed that some of our Long Lived sessions (NFS + Oracle DB Sessions) active across the cluster do not seem to be properly handled at session table level cluster wide any longe...

Resolved! Book for Palo Alto

Hello Everyone, Hope you all are doing fine. I am new to PA firewall and just started to study PA concepts from PA forums. But I want to purchase a book and study from it. Could someone please advise if the below book would be good to start from scratch? I found it on Amazon: Mastering Palo Alto Networks: Deploy and manage industry-leading PAN-OS 10....

Resolved! Trouble with IPSec Site2Site VPN

I am a beginner in the Palo Alto World. I want to setup a Site2Site VPN to a customer. The customer has a Palo Alto System running. I cannot get the tunnel up. The admin of the customer and me are troubleshooting the problems, but so far nothing is working. The customer site seems to be ok, because he has some other site2site VPNs running. My firewall...

c.keller by L1 Bithead
  • 9893 Views
  • 8 replies
  • 0 Likes

Resolved! HA not working with interface monitoring any

Hello all, I configured HA between Palo Alto peers, and HA failover as default without defining specific interfaces and left it to "any". When interface of inside zone is shut down from switch side, failover will not be triggered? And need to fix it.

BPA - Sanctioned apps

This might be a naïve question. But how does it help me/organization going through every single app and marking it sanctioned, tolerated or unsanctioned? It seems to me of no use, other than for the reports for executives, while apps still get allowed only after the CAB approval.

raji_toor by L4 Transporter
  • 5020 Views
  • 4 replies
  • 0 Likes

Resolved! Globalprotect VPN tunnel interface-IP address

My GlobalProtect VPN's tunnel interface does not have an IP assigned but I would like to assign it a fictitious IP to enable tunnel monitoring/dynamic routing. Will it cause any issues to the remote users? What role does this IP play in the tunnel interface?

Can't commit to panorama - This config has been sanitized

Hello, I'm trying to modify one of the templates and create an extra account. However, I receive this error. Partial changes to commit: changes to configuration by administrators: admin Changes to template configuration: (firewall_template) This config has been sanitized of password data because it was exported by a non-superuser or was part of a tech support...

wjt82918 by L1 Bithead
  • 6139 Views
  • 1 replies
  • 0 Likes

Resolved! Upgrade dedicated log collectors from 8.1.6 to 9.1.4

After upgrading, I can no longer log in to the dedicated log collectors via the CLI or serial console. Prior to the upgrade, and I mean just before, I did log in via ssh to show system info and see I was at 8.1.6. Right after the upgrade, my intention was to do the same but can no longer log in. I tried to set the admin password via panorama and push...
