General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

What is the role of an IP address on a tunnel interface?

I noticed that in some of our SOHO sites, the tunnel interface for VPN to the data center has an IP address and in other cases it does not. Can someone explain the value of having an IP address on the tunnel interface versus not? I'm working through an arp cache issue that arises on a SOHO site which does not specify an IP address but the site...

Resolved! virtual router to virtual router communication

hii'm using vm series, and i have 2 virtual routers, each of them has it's own lan and wanhow can i make the lans connect to each other? i've tried to do static routing but the traffic doesn't go through. what's the correct way to do that? thank you

Critical System Alerts on a PA-220

Hello,We recently implemented a secondary line on our network and were testing the failover process. Everything worked well, however, we realized that we were not alerted of the primary circuit going down or recovering. It was confirmed when looking through the system log that the failure and recovery were reported, yet no emails was sent out....

vanglee by L1 Bithead
  • 4782 Views
  • 5 replies
  • 0 Likes

HIP Checks for Browser Version

I have a customer that would like to limit GP authentication based upon browser version running on the clients. They would like to collect all browser versions and then start blocking connections from clients below minimum settings. Trying to figure out how to do this but not seeing any straightforward method to collect all web browser versions...

Panorama Task Manager History

Does anyone know how far back the task manager log should be in Panorama? I am seeing ~60 entries that go back only about 1 day in the GUI. The show jobs all command shows even less history. Chris

How to safely allow downloading files from AWS CDN

Hello communities, I am having problem and need to have your advice. Currently, downloading files is not allowed in our network. However, there is a business requirement to allow download some report files (pdf, exel, word...) from a website which is hosted on AWS. There is not hard to controll website accessing using websites' FQDN but when the...

tienngo by L2 Linker
  • 3325 Views
  • 1 replies
  • 0 Likes

Resolved! Panorama upgrade failed

Hi All, I'm currently running a virtual panorama 8.1.x , trying to upgrade to 9.0.10. The upgrade failed with below error. Panorama is currently in legacy mode. The system disk is 50GB, there is also an additional 500GB disk. 4vCPU and 16GB of ram. I believe my issue the system disk is too small. I'm aware of this link to migrate the syst...

MikeC by L3 Networker
  • 4815 Views
  • 2 replies
  • 0 Likes

Global Protect Portal responding to Radius challenge

I have setup the Global Protect Portal to authenticate with a Radius server. I can see that it's working after submitting a correct username/password combination, but when the Radius server sends back a challenge for the user to enter a PIN for 2FA, upon entering the PIN the global protect portal does not seem to send the request back to the Rad...

PA-220 radius authentication for management

Hi All, I am trying to configure my PA-220's with Radius Authentication for management access am having some issues around the configuration.The PA-220's are running PAN-OS 10.01.I have created an Admin Role, Authentication Profile and a Radius Server Profile.I have created a Radius Client and Network Policy using the Vendor Specific 25461 attri...

Scott64 by L1 Bithead
  • 2213 Views
  • 1 replies
  • 0 Likes

GP is unable to Sign In IPhone when Connect on Demand Option is Enabled.

Hi Team, I have an issue that, When the Global Protect App is installed on an IPhone / IPad. We are unable to Sign-In / Connect to VPN if the "Connect to On Demand" option is in Enable state. If we disable that option and then tried to Sign In / Connect the VPN we are able to connect. Just want to know the reason behind this why it is connecting...

SahulH_1-1601901920037.png
SahulH by L3 Networker
  • 2354 Views
  • 1 replies
  • 0 Likes

Resolved! Stupid question time........

Let's say I have an objected named "Pizza" with an ip of 10.10.10.10/32 and it is in use on a security rule.I create another object named "Pizza1" with an ip of 0.10.10.10/32 and use it in a different security rule. Could that create a problem with the first rule assuming different let's say destinations or APP-ID/Ports?

Integrating Minemeld Taxi with Cisco ESA

Hi All, I am trying to set-up Taxii output in Minemeld with Cisco ESA and I am receiving below error. The Warning message is: THREAT_FEEDS: Unable to fetch the observables from the source: CofenseTaxiiMinemeld after 3 failed attempts. Reason for failure: Taxii Error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)...

Inbound SSL decryption troubleshooting on PANOS 9

I am trying to configure URL filtering on an internal SSL web host and having problems. I've found multiple videos and articles on both URL filtering and inbound SSL decryption but I cannot get it to work. I've taken a step back and am just trying to verify the SSL decryption is working. I have uploaded the SSL cert (PKCS12 format) no problem...

acravens by L0 Member
  • 4870 Views
  • 3 replies
  • 0 Likes

PA220 HA shutdown problem

Hello, I have an active/passive PA220 cluster which unfortunately had a shutdown and now I want to find out what exactly the reason was.At Monitor -> System: HA Group 1: Dataplane is down: dataplane exit failureHA Group 1: Moved from state Active to state Non-Functional HA Group 1: HA heartbeat backup information has been used for HA state ch...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels