General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Wildfire submittion issue

we have seen in wildfire the same file (i have verified the file hash available in wildfire cloud) is submitting multiple tiles even after the verdict is malicious from old wildfire submission.ie, wildfire dynamic update is configured for every minute and it is having the latest wildfire content, still, the same file is again submitting to wild...

Joshan_Lakhani_0-1598385227480.png

Panorama: PDF export full of HTML code

Update 2: This is almost completely fixed in 8.1.16, with only one column showing [object Object] instead of a value. See this post for details. Update 1: This is still not fixed in 8.1.12, although the issue is slightly different. See this post for details. Panorama 8.1.10 (running in VMWare ESXi 6.5 if that makes a difference) All PDF and ...

PDF-export-NAT-Policies.png
fjwcash by L4 Transporter
  • 16954 Views
  • 15 replies
  • 0 Likes

Resolved! HA setup and standy firewall has more config then active firewall

Hi Guys, I have Firewall setup where standby firewall has more config then active firewall. Right now config is out of sync and HA1 back up link is up. HA1 and HA2 links are down.What I want is the config of standby firewall on the active as well . if I click on 'Sync with Peer' , which config will be synced ? @BPry can you please help on this? ...

shafi021 by L2 Linker
  • 3661 Views
  • 3 replies
  • 0 Likes

IP is getting Registered with TAG Name,but I don't find the IP in DAG

Hi, I am testing some scenario and I see the ip is getting registered with TAG but i don't see it in DAG. palo-alto-panos-9.0> show object registered-ip tag testregistered IP Tags---------------------------------------- -----------------9.9.9.3 #"test (never expire)"9.9.9.13 #"test (never expire)"9.9.9.14 #"test (never expire)"4.4.4.4 #"tes...

DAG.PNG
tag.PNG

Global protect and HA3 with session owner as primary device.

I have an active/active global protect configuration with the session owner set as primary-device.1 portal2 gateways I can connect to either PA with the client but traffic will not route outside of the secondary PA. I can ping every interface on the secondary from a connected client. I get a bunch of hits for ha_aa_pktfwd_err_decap on the primar...

reCaptcha and Restricted Internet Users

Due to the recent COVID crisis, our users are asked to login to a website prior to coming into work to "validate" that they do not have COVID symptoms or been in contact with anyone who has COVID. There are some users who are unable to do this prior to coming in and we need to allow them to access the website from their VDI/PCs when they come in...

Resolved! GlobalProtect : MAC adresses and Armis integration

Our ISO organisation has bought many passive listening Armis IOT devices in our computer centers to better identify IOT devices connected to our network. Armis uses the MAC addresses of detected devices as the unique key to allow to create rules, alerts and policies. With our switch to GP as our VPN solution we are looking into options on how we...

Resolved! Support Portal appears to be down connecting from Hawaii 8-25-2020

Is anyone else experiencing no connectivity to the support portal? I have tried from my work and home spectrum internet connections and am unable to bring up the support.paloaltonetworks.com portal. The site times out, other sites appear to be working here just the support portal. Looks like this is affecting the ability load software on the ...

dkhilo by L0 Member
  • 2694 Views
  • 1 replies
  • 0 Likes

Resolved! HELP - VPN IPSEC - SUBNET OVERLAPPING

I require a helpI have to perform a nat in the tunnel, because my network conflicts with that of my other site:Site 1192.168.50.0/24site 2192.168.50.0/24Serial connection from site 2 to site 1 to a specific server192.168.50.0/24 -------- 192.168.50.253 (Server)I need to do NAT with network 172.50.1.253 at site 1, 192.168.50.253 NAT 172.16.50.253...

policy based forwarding issue on palo alto.

Folks,A policy based forwarding rule that we have created does not work. This pfb rule is create in vsys3 so we are not sure if any other configuration is needed. When we try to see the running configuration for all pbf rules this is what it shows: admin@hostname> show pbf rule allServer error : No PBF rule in vsys 1.admin@hostname> Unlike...

nson2139 by L3 Networker
  • 2575 Views
  • 1 replies
  • 0 Likes

Resolved! Vwire Active Active with ASA HA Pair

I have a n HA pair of ASA and will be implementing an HA pair of PANS between the Core and ASAs. I can send a topology if necessary. Currently have a Cisco 3750 layer 3 connected to two separate Cisco 2960s via a trunk link. The2960s are aslo inter-connected via a trunk link. The ASAs are connected to each 2960 via access port. The original idea...

Firewall Logs Backup

Dear Team, How to take logs from active standby firewalls i am going to migrate the firewall from 5050 to 5220 so i will lost old firewall logs once i added new firewalls to panorama.Kindly suggest how can we take the logs for future purpose and suggestions. Thanks.,A.Yazar Arafath

Global Protect gateway timeout

We are connected via Global Protect are having issues where the session gets disconnected overnight. Is there a way to override this setting only for one user ? Does below settings change will affect all users We are using split tunnel. Could you please advise if any workarounds can be made ? just to keep the heart beat active at least ? I am r...

Capture.JPG

Resolved! How to remove SSH weak algorithms?

An internal PCI vulnerability scan has revealed the following issues with the PAN-820 appliance:1. SSH Weak Algorithms Supported: Tester has detected that the remote SSH server is configured to use the Arcfour stream. RFC 4253 advises against using Arcfour due to an issue with weak keys.Affects management interface 10.32.1.2:22 (tcp)Also affects...

  • 24395 Posts
  • 123 Subscriptions
Top Solution Authors
Labels