General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Replace 5050 with 5250

Customer is replacing a 2 pair of 5050's multi-vsys with 2 pair of 5250's. All of the configurations are local to the firewall with the exception of objects which are managed by Panorama. The final plan will be to have Panorama manage the firewalls appropriately. The 5050's will still be in place for a while after migrating to the 5250's. What i...

Aruba AP with PAN, User-ID mapping with IP, Syslog Filters

I'm trying to map User-ID to IP in our intranet so that we could easily identify User in PAN Traffic. We have Aruba APs adn AC authenticating with external Radius Server, While our PAN is sitting at the gateway. What i'm trying to do is using Aruba AC sending debug level logs to PAN, PAN could use Syslog Filters to filter our the mapping. I'm ...

ZhenGuo by L1 Bithead
  • 9343 Views
  • 3 replies
  • 0 Likes

First time BGP setup VR question

We are about to implement EBGP for the first time. The EBGP will have two peers. The ISP wants it to be used as a primary/secondary rather than equal split. We currently have two ISPs that will be going away. We are a 24/7 shop so we need a strategy to test EBGP without interfering with existing traffic.Does it make sense to create a new VR stri...

Resolved! Global Protect PreLogon question

Hi All, I am testing a build for Global Protect PreLogon which I have working to a degree. When I log in for the first time I successfully connect to GP using machine cert. When I log out, it switches to the prelogon state. When I reboot or boot the laptop, Global Protect is disconnected. Is there a way I can make GP connect as soon as the wirel...

a.jones by L3 Networker
  • 17345 Views
  • 6 replies
  • 1 Likes

Resolved! Port Move - Using Panorama Templates

Hi Folks,I need to do a port move on a 3220 - RJ45 to an SFP port - part of an ISP upgrade. Everything else remains the same. The trouble i have is that all the config is managed from a Panorama Device group. I don't know of a way of editing the various dependencies in the GUI (static routes, GP gateways, tunnels, etc) - so i am considering XML ...

GN_ROS by L1 Bithead
  • 3166 Views
  • 2 replies
  • 0 Likes

Proxy id not seen in ssh session . but able to see in GUI.

Hi TeamWe are facing issue with Proxy ID, we have configured before 114 proxyID in IPSec Tunnel and its working fine but recently we have added 4 more proxy ID in the same IPSec Tunnel. While we are not able to see the proxy IDs configured via GUI. Proxy id not seen in ssh session . but able to see in GUI. Let me know if there is any Proxy ID Li...

Resolved! QoS either on Sub Interface or Vsys

I have 24 VSYS on the Firewall,All of them are using the same physical interfaces for incoming and outgoing traffic but different sub-interfaces. I have decided to apply the QoS profile for egress traffic. As I know I can apply the QoS on the physical interface. My question, how can I configure a dedicated QoS profile using only the sub-interfac...

Access GUI port.

There are two locations where the only dedicated link is (X) access to the management of the security teams is through publication (https: // xxxx: port) All security teams have a management IP and are published with the same public ip 200.15.21.1 After the upgrade, from version 7.1.25 to 8.1.15-h3, it is observed that when you want to access th...

Global Protect, Win 10 drive mapping issues

Hello all, Just throwing this out there to see if anyone has seen similar issues. Over the last 6 months we have been having intermittent drive mapping issues on clients that have Global Protect installed. All the clients have Win 10 on them and we have global protect 5.0.5 installed. The drives are mapped using group policy and in trying to ge...

Resolved! Firewall log storage quota related

HiI have a question regarding log quota.You have set the firewall's configuration related log quota to a minimum.Immediately the logs were reduced to a minimum. (Approximately 500 lines)After that, the logs are stacked, but the previous logs are not deleted.If the capacity is exceeded, will the old log not be deleted?I am wondering if there is a...

jskang by L1 Bithead
  • 2928 Views
  • 1 replies
  • 0 Likes

query traffic log not working when activating from dynamic group

trying to use monitor (query traffic log) by way of drop-down arrow on a dynamic address group, it gives error saying '<group name> doesn't exist or doesn't contain any member'. However, activating the monitor from a policy rule name which uses the dynamic groups works fine... help? fw on 8.1.13, pan on 9.0.9

Resolved! PBF conflict with "ip strict option" in zoon protection

Hi Alli have a scenario where the traffic works fine if it's forwarded by the routing table (and nat is applied)when i used pbf, it didn't work, checking global counters i found oacket are dropped and the reason is "strict ip" option in the zone protection profile.I run debug flow basic and got this message : "source ip address in packet does no...

Resolved! Routing between overlapping networks

Hello,I want to replace our existing firewall with a PA-850. Thereby I have a problem, which I cannot get solved.I have to route to an external network, which unfortunately uses the same subnet as ours.Until now, I have used a small Linux VM, which uses DNAT to convert the addresses.In principle the PA-850 should be able to do this with another ...

problem.PNG

Resolved! SCCM management of remote GP Windows clients

We just deployed and started using GlobalProtect 5.1.1 to support the work-from-home COVID-19 initiative for thousands of remote workers. Everything is working well but my SCCM guys can't manage any of the remote clients to push patches or software updates. Our internal DNS resolves the host names to the last LAN address of the host, not the I...

pnelson by L2 Linker
  • 28924 Views
  • 15 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels