General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Messed up IPv4 ranges in output

We are on MineMeld version 0.9.52. We had an incident with MineMeld on the 4th of March that caused a major outage for many of our users.

 

We have four miners feeding in IP addresses for our block list (let's call them bl-1, bl-2, bl-3 and wl-1). Th

...

BillC by L1 Bithead
  • 3438 Views
  • 2 replies
  • 0 Likes

Basic Routing on PA-220

I have a new PA-220 for a test lab, and this is my first time configuring any PA device from scratch, so I apologize in advance if I've missed something basic.  I have set up the interfaces and I can ping out using the troubleshooting -> ping utility

...

Resolved! traffic shaping/qos on palo alto

Hi,

We have 400/400 up and down mbps connection, your ISP does not shape the traffic and have asked us to shape it.

Applying qos on the outside interface both ways, how would we achieve it?

 

if I only set the egress then i am only setting the speed for

...

Load balancing on palo alto

Hi Guys,

I am just wondering if the following scenario is possible 

Load balancing between the two client  VPN Gateways so half the clients connect to one VPN server at site A, and the other half connect to Site B.Palo alto firewalls on both sides.

Minemeld - NGINX reverse proxy

Hi

 

I am trying to setup a minemeld server (docker image https://hub.docker.com/r/jtschichold/minemeld/ ) behind a Nginx reverse proxy. This however is to be hosted on a subpath, however I cant seem to get the authentication to work (This all works co

...

Resolved! Can you Exclude an address from your traffic search?

the following search string 
( app eq dns ) and ( port.dst eq 53 ) and ( addr.dst in 8.8.8.8 )

searches and displays all dns traffic using port 53 that has the destination ip of 8.8.8.8

I would like to know if I can look at all dns traffic traveling on

...

Expedition migration tool steps

Hello all,

 

I am planning to migrate our two checkpoint HA clusters (Active-Standby) with Palo Alto with the help of Migration tool. I never used migration tool ever. Can someone brief me steps to be followed for successful migration?

johnde by L2 Linker
  • 3076 Views
  • 1 replies
  • 0 Likes

Resolved! Configure WebGUI certificate from CLI (PanOS 9.0)

Dear all,

lost access to the WebGUI.

opaque: websrvr: Exited 4 times, waiting 1770 seconds to retry

 

Before that I received another email from the firewall:

opaque: Shared certificate xxx and corresponding key have expired.

(OK, I know, my fault)

 

So I sus

...

high MP CPU load due to appweb3 process

PA-5020, sitting on 8.0.4.

From time to time MP load increases rapadily due to appweb3 process going above 300%. Looking like this:

 

There is no direct correlation found between the spikes and actions taken within the GUI. Spike may go on for a while -

...

cpu-load.png
nikoo by L3 Networker
  • 7756 Views
  • 4 replies
  • 0 Likes

QOS Bandwidth Limitation Download & UPLOAD

I would like to understand bandwidth limitation steps on Internet download and upload

 

Example - lets say i want to restrict steaming url category on download and upload

 

1. create QOS policy to map traffic going to inside to Internet  youtube as Class

...

kan0062 by L1 Bithead
  • 5862 Views
  • 1 replies
  • 0 Likes

Resolved! After Forward Trust certificate is renewed

After Forward Trust certificate is renewed is there a way to validate the renewed certificate is working correctly from either GUI or CLI?
Device > Certificate Management > Certificates > Forward UNTrust Certificate

  • 24034 Posts
  • 102 Subscriptions
Top Liked Authors
Labels