General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! PANORAMA RMA

Hi team, We are facing questions about how to proceed with the RMA process of PANORAMA. Is not a RMA because is a virtual device but, do you hace any guide o procedures about how to proceed after deploy the new machine? How are the process to add the devices manageds from the old one Panorama? We have only have a old backup from PANORAMA, so we ...

tl20874 by L1 Bithead
  • 5366 Views
  • 3 replies
  • 0 Likes

PANOS 10.01 PA220 Sloooooow

Hello Experts, any notice the above, since deploying 10 and 10.1 I have noticed a significant slowing of the PA220 is this now expected behaviour or a bug. Its kinda made it really difficult to work on a 220 now. Darren

BizBo by L2 Linker
  • 3308 Views
  • 2 replies
  • 0 Likes

Minemeld Vulnerabilities

After downloading and building minemeld from https://github.com/PaloAltoNetworks/minemeld-docker ... Our https://anchore.com/ scanning engine has detected several vulnerabilities... Amongst other obvious concerns such as; 1. Why is it build with python2.7? 2. Why are Palo Alto still developing with this after Jan 2020 https://pythonclock.o...

Enable FTP and FTPS for Active/Passive?

Hello Folks, We have a CrushFTP server installed on a server behind our PA 3020 PANOS: 7.1.14, SSL decrypt not enabled.Security Rule: NAT Rule: Trying to figure out why Active and Passive with FTP over TLS (SSL) will not retrieve the directory listing and will not complete connection. Works fine with just FTP (insecure). Do I need to add SSL to...

FTP_rule.jpg
FTP_NAT_rule.jpg
Active_FTP.jpg
Active_FTPS.jpg
OMatlock by L4 Transporter
  • 19993 Views
  • 5 replies
  • 2 Likes

forbidden

Hi,site says forbidden while browsing the site , when I bypass there is no issue .2)When I am uploading files to web site it fails , when by pass it works Any hint to the root cause of the problem Thanks

simsim by L4 Transporter
  • 2194 Views
  • 1 replies
  • 0 Likes

Couldn't access link "www.santander.com.ar" from global protect VPN

Hi Experts, Users couldn't access the link "www.santander.com.ar" from global protect VPN, this is a normal bank related link so everyone can access though outside network, In our office structure Trust-VPN & Trust-Internal both sources zone are allowed to access "www.santander.com.ar" with general policies. As per policy Trust-Internal use...

Resolved! VPN Proxies

I have a VPN tunnel which is up and running. In the tunnel, I have 2 proxyID's which have the same local address but different remote addresses.I can only get 1 proxyid to connect. As an example, I current have proxyID1 connected and I can ping the other side. In the cli, if I type test vpn ipsec-sa tunnel tunnel-name-proxyID2. It does not co...

Resolved! DNS Security service

Hi All.Can any body know if the DNS Security Services have possible to enable and subscribe on Virtual Wire deployment?Thaks

Rojaba by L0 Member
  • 2504 Views
  • 1 replies
  • 0 Likes

IPSec Tunnels BGP Fluctuation Frequently

Hi All, We have 04 IPSec VPN tunnels created on our PA FW with Public Cloud configured with BGP. (All these 04 Tunnels are created over single Internet link). All 04 peering IP of public cloud belongs to same region. Pl note that these tunnels are in pair i.e. 02 tunnels are configured Active-Active (BGP) and redundant to each other to achieve ...

Jimmy20 by L2 Linker
  • 2474 Views
  • 1 replies
  • 0 Likes

iOS Global Protect Always-On VPN ?

We have: MDM: FilewaveiOS: 12+GP: 5+ When an iPad is rebooted, GP doesn't auto reconnect & must manually be opened/connected again. Any ideas how to get it to actually always auto reconnect? We really only care about the user identification being automatic.

Resolved! Global Protect Authentication Local User and AD user to allow both

Hello,I am setting up VPN on the Palo Alto. So far, I was using a local user database and it is working fine. I will need to move to AD authentication and tested ok. However, the issue I am getting if that I can use only one type of authentication at a time by moving the authentication profile type up on the GlobalProtect Portal>Authenticati...

Resolved! User identification in security policy

Hello, I have a problem with configuration of user identification in security policy. What is the target: for some users who login to VPN via GlobalProtect I would like to limit them to some specific subnet. Users login to VPN using their Active Directory accounts (via Radius). I created LDAP profile, group mapping and security policy (with sour...

Resolved! Need to Disable TLS 1.0 & 1.1 for port TCP-3978

Can someone suggest on how can we disable TLS 1.0 & 1.1 for port TCP-3978 Description: The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and s...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels