General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Dynamic update for trial license

Hi all, I received PA-200 that was stored on storage for years. The box was unopend so I registered device and requested trial license (according to the portal site, it seemd that the device only had expired Software Warranty Support). After executing "Retrieve license keys from license server", it seemd that the trial license was properly app...

starplat by L1 Bithead
  • 8421 Views
  • 7 replies
  • 0 Likes

What's the latest recommended version for PA-820 ?

Hi everyone, My company i've been working outsource informed me about a vulnerability which is recently announced.So it seems i should update PA-820 which is working as cluster with Passive (HA).Current version is 9.0.8.Is there anyone who's been running with 9.1.x version with no giant bug ?Thanks in advance.

Onrcan91 by L0 Member
  • 5591 Views
  • 1 replies
  • 0 Likes

Resolved! route-table unicast appear after adding new prefix in BGP export filter

Hi, We have an existing BGP peer session to our service provider advertising a few prefixes which has been working fine. I have recently added a new prefix (/24) which statically routed to our internal switch, all our static routes are redistributed into BGP and they are learnt by our service provider router. I have added this new prefix onto ...

ShanVD by L0 Member
  • 2856 Views
  • 1 replies
  • 0 Likes

Is there an option to store a file crossing PA?

I would like to block certain file types using File Blocking profile (which works fine), but instead of just discarding files which were blocked I would like to store them for later. Or in other words is it possible to get hold of files which PA blocked?Thanks

Resolved! Help with routing decision

Hi Got BGP providing DGW and I have a static 0.0.0.0/0 with metric 240 so its last resort route butVIRTUAL ROUTER: vr_default (id 2)==========destination nexthop metric flags age interface next-AS0.0.0.0/0 0.0.0.0 19 ~0.0.0.0/0 202.74.32.69 ?B 612028 ASXXXX0.0.0.0/0 202.74.32.71 240 A S ae3.10 for some reason the static is active over the BGP ro...

Resolved! Query About To Increase VM-Firewall Disk Storage Size

Hi Team, We deployed a VM series firewall in azure and it's in production now. Presently the VM-Firewall OS disk storage size is 60GB and there is no Data Disk used. Since the customer is need a 6 months of log retention period. As customer isn't ready to forward the logs to any external syslog server or panorama. So we planed to increse a disk ...

Resolved! multi lan multi wan best practice

situation is this : currently i have :multiple lans/vlans1 p2p line (single subnet static route01 internet line1 virtual router now, i need to add another wan my best practice should bea : to do another virtual router and separate relevant networks to each vr?b : to "bag" everything under 1 vr with ecmp enabled + pbf?c : maybe something i didn't...

Problems with installing Expedition: /usr/bin/dkpg returned an error code 1

Hi, I am currently trying to install Expedition with the PAN Install guide and using Ubuntu 16.04.7 LTS.So I installed Ubuntu, made sure it has internet connection and then followed the installation guide until the installation of Expedition itself. (./initSetup.sh).During the Installation I got asked to provide a password for the MariaDB root U...

Resolved! Vulnerability protection ip exception

We have our regular penetration tests coming up and we need to allow the IP addresses that are doing the testing to scan our network. Is there a way to create an IP based vulnerability protection exception? I know how to create an exception for a specific threat, but is there a way to allow a specific IP or set of IPs through the vulnerability p...

Rule bypassed when specific ip entered for destination (PanOS 8.1)

I have a rule that has been failing to allow connections to the internal system. To test i've set up the rules below. (IP's obfuscated)When I run> test security-policy-match source 1.1.1.206 destination 2.2.2.226 protocol 22the response is"External-TEST-OPEN; index: 2" { I am currently able to connect from external to internal with the Extern...

rwolsen by L1 Bithead
  • 3948 Views
  • 4 replies
  • 0 Likes

Panorama Security Profiles Problem - Pushed to device

hi,I am facing a strange Problem in my LAB environment. I have created some File Blocking, WildFire and Data Filtering Profiles in VM based Panorama (9.1.4) and Pushed to PA-200 (8.1.16). The profiles in Device seen very strange. Here Sample images are attached, help required to resolve this issue.

2020-09-19_17-09-47.png
2020-09-19_17-09-53.png

UserId Agent stating connections port 135

Hi, We need to know why our UIAs are starting sessions to INTERNET in port 135. how can we mitigate this flow? WE disblae UIA in INTERNET zone but we still see these sessions. Here you can see the kind of sessions: any idea?

UBE1.JPG
BigPalo by L4 Transporter
  • 3245 Views
  • 3 replies
  • 0 Likes

Interstate DR setup with site replication.

Hi All, We are currently in the build process of a interstate warm DR. Our primary DC has a pair of 850s while the interstate has a pair of 820s. I have begun implementing Panorama to manage both sites, both devices are configured with a simple clean config currently running on the DR 820's. We will be using VMware site recovery manager to move...

Panorama doesn't load on firefox

Hi All, I have been struggling with this issue for few months now.The panorama VM site just doesn't load on my system, using firefox browser. It shows blank white page and after few refreshes of the page (and praying - please load this time), it finally loads but way too slow to be functional.I have tried changing browsers, as many suggested, bu...

Fatema by L2 Linker
  • 6201 Views
  • 6 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels