General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

VPN issues with 3 ISPs

After upgrading the PA-850 to version 10.2.13-H3, problems started occurring in one of the ISPs. There are 3 ISPs, the first two main ones and the third one as a secondary ISP which manages the VPNs. After the upgrade the configuration was maintained and there were no changes (administrative and metric distance), suddenly they started to fail ca...

F.Pinar by L3 Networker
  • 1288 Views
  • 2 replies
  • 0 Likes

Resolved! export ike debug to syslog

Hello, We are having an intermittent tunnel issue. We have debug turned on in the ike logs and when I view them on the box I see all the debug logs. However, these rollover pretty fast and if the issue occurs and no one logs in to pull the logs within an hour or so then they are gone. We have set up a syslog server and the palo is sending logs...

SeanHuff by L0 Member
  • 1526 Views
  • 3 replies
  • 0 Likes

Resolved! MFA external provider question

Hello Community, I have always used on-prem solutions for MFA. Currently I am researching using a 3rd party provider (Duo v2, Okta Adaptive, PingID, and RSA SecurID). Which one do you use and would you recommend them? I was considering Duo since they have the lowest cost offering. Love to hear your thoughts! Cheers!

Unable to set SSL/TLS Service Profile with Panorama

Hello, At a bit of a dead end with a template change. Essentially, I am trying to configure the VMSeries Firewalls SSL/TLS Service Profile under: Device > Setup > Management > General Settings > SSL/TLS Service Profile. I have configured the profile and requisite certificates in my template but when I push the changes, the SSL/TLS ...

C.Stuart by L1 Bithead
  • 6295 Views
  • 8 replies
  • 1 Likes

GlobalProtect to Facilitate Multi-Factor Authentication Notifications

I'm working on setting this up, however when the popup box appears on the laptop wanting me to click on the link for additional authentication I am brought to a webpage saying the connection has timed out. Now the url is going after <ip address>:6081. If I do a port scan against the IP address I do not see it listening on port 6081. I have...

zthiel by L2 Linker
  • 4656 Views
  • 5 replies
  • 0 Likes

Disk usage alerts

I have a small doubt: /opt/pancfg always exceeds 80% and I get a constant alert. I would like the alert not to trigger at 80% but to start triggering at 90% or so. Is it possible to change the percentage of the alert?

Resolved! Change ISP

We're upgrading the internet link in one of our offices...so we purchased a new link from a different provider...and I was thinking of unplugging the old link, plugging in the new link, removing the old public IP address and then adding the IP address of the new link, changing the default route...the firewall is PA-200 version 7.1.14...has anyone done this...

Disabling bad checksum on Firewalls

Hi All, We have received a request to disable the drop of packets due to bad checksum. I had the following questions on this: Q1: Can I see in the traffic logs if any connections are dropped due to bad checksum? Q2: This can be done by entering the following command through CLI: set session strict-checksum no. Is this correct? Will it h...

Resolved! SPARE device usage

Dear PANw, We (as a distributor) have a case where one of our Partners wants to purchase SPARE units to cover their multiple client RMA cases (not just one, since OSS devices are registered to one particular customer and stay at their premises, this is not an option). This partner doesn't have international ASC certificate and this requirement i...

Upgrade path to 11.2.5 from 11.0.0 on a PA-410

Hi there, Can you tell me what would be the recommended Upgrade path to 11.2.5 from 11.0.0 on an HA Firewall Pair PA-410, please? FW firmware Current ver.: 11.0.0 1. PAN-OS 11.1.0 2. PAN-OS 11.2.0 3. PAN-OS 11.2.5 In PAN-OS 11.0, you can now skip up to three software versions when upgrading or downgrading standalone devices or Panorama managed devi...

A.Otsu by L0 Member
  • 3624 Views
  • 5 replies
  • 0 Likes

Problems for deactivate cyserver Cortex XDR

Hi team, Is there any way to disable this service? Even if I run the commands cytool protect disable or cytool runtime stop, it won't let me disable it; I get the message "Access is denied". Regards

Alpalo by L4 Transporter
  • 1342 Views
  • 1 replies
  • 0 Likes

SAML - Integration - Globalprotect Azure-AD-EntraID - Policy Based Groups Azure-AD for GP Zone

SAML - Integration - Globalprotect Azure-AD-EntraID - Policy Based Groups Azure-AD for GP Hello Live community, how's it going? I hope it's going well. I have a question, today we have via GP the integration with Azure-AD Entra ID, via SAML, where everything works correctly. At the level of what is the assignment of groups, we already ass...

Metgatz by L4 Transporter
  • 1228 Views
  • 1 replies
  • 0 Likes