General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Repurposing log collector

I have a M-500 with two disk pairs in dedicated logger mode that I want to turn into a dedicated manager. I know how to actually change the mode, but can I remove both disk pairs and use them in another logger? I assume the M-500 has internal storage for the actual OS but wanted to be sure before actually going through with it. Do I need to do a...

ikev2 with cisco Router using certificate problem

after I finished the ikev2 configuration(using Distinguished Name (Subject) from PAN and Cisco Router using identity local dn ), I got this isse: received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) does not match peers id after this: IKEv2 IKE SA negotiation is failed as responder any ideas? rega...

Luping by L0 Member
  • 2919 Views
  • 2 replies
  • 0 Likes

SSL inbound inspection

Hi Team,I am facing the issue in SSL decryption intermittently. For the transaction website. traffic flow for the SSL inspection is:- Outside user ------> Paloalto--------->Load balancer-------->Application server. In the destination NAT translation, i have given the load balancer IP. Condition A with SSL inspection:-Once we apply SSL i...

ssl.PNG

PA Migration from 5050 to 5220 with below requirement-Suggesstions Request

Hi Team,I have to Migrate PA from 5050 to 5220 for data center firewall.We are using ASA for Internet.In PA data center firewall we have 2 vsys 1 for internal another for DMZ.Now the planis DC firewall we are migrating to 5220 afterthat ASA replaced by old 5050 Firewalls.Task is we have to add 1 vsys in DC Firewall DMZ vsys in Internet firewall...

Does updating definitions/antivirus cause any downtime?

I have a new PA-3020 that is inline on my network, meaning if it goes down then so does my network. Because this PA-3020 is inline I was worried about updating the definitions (only two weeks old right now), and I was not sure if during a definitions/antivirus update, then the 3020 might drop or blip its in/out connections. Basically, if my 30...

PA Firewalls HA Active-Active Routed design with BGP

Hello Everyone,I'm designing an edge network with Active/Active HA. After reading the PA documentation, I found Active/Active Routed based redundancy design which seems best suited for our environment. However the topology shown in Docs is a square model and I'm thinking to add more links to convert it to full mesh to add more redundancy and fas...

HA-AA-Routed-based-Redundancy-Square.jpg
HA-AA-Routed-based-Redundancy-Full-Mesh.jpg
yham81 by L0 Member
  • 7484 Views
  • 3 replies
  • 0 Likes

Resolved! Feature Upgrade: load, install, run !?

What does "base image must be loaded" and "you do not have to install or run the base image" mean? See my screeshot below. The base image is there. Do I have to click on "Install"? The message however clearly says I do not need to do so? So what do I do?

ifstciss_0-1597841414632.png
ifstciss by L1 Bithead
  • 8510 Views
  • 6 replies
  • 0 Likes

DNS Query

Can we configure firewall will allow only one response for one dns request packet. Please suggest

Not able to Ping

I have l3 switch , new vlan is created and its default gateway is PA FW..A machine when connected to trust interface eth1/2 is able to access the internet...but when machines are connected to switch with trust IP range,internet is not working.My machines are not able to access internet,but when i connect a single machine to FW Trust Lan interfac...

Swetang by L1 Bithead
  • 3232 Views
  • 2 replies
  • 0 Likes

Resolved! Adding in an additional new firewall to the edge, attracting return traffic

I currently have a Brand X firewall at our perimeter with a /24 on the outside and private addressing on the inside. I want to add a PAN in parallel to the current firewall and gradually move services from Brand X to PAN. The plan at present is to take a /26 of the public space and route to the PAN outside interface from the edge routes.The tric...

palomed by L3 Networker
  • 3277 Views
  • 2 replies
  • 0 Likes

Regarding Wildfire analysis

Hello Guys, I am preparing for a PCNSA exam and practicing my labs at NDG portal. It is running version 9.0.1. Except for the File from the lab guide the firewall is not sending any other files to Wildfire for analysis. Is their some other things i should be looking at. I downloaded couple of archive, exe and docx files and it is not showing up ...

twitter not working

Twitter is not working. I create the simple policy but I got this error. aslo create the application override but still I got same error i have also change my browser but still same please suggest.

Joshan_Lakhani_0-1597479738514.png

Resolved! APP-ID Doubt

hello community, I have a question that I have not been able to solve with the study material and it keeps breaking my head.Here it goes, when I generate an application-based security policy, for example from "trust" 10.xxx to "untrust" anywith app anydesk specification (with the ssl dependency), I see the corresponding traffic between the inter...

ServiceRoute

I have configured trust and untrust zone with respect to their interface. I create policy of any any...my firewall internet only work when i configure service route and destination as outgoing interface,if i set it as default and select use management for all interface...my firewall lose its internet connectivity for upgrading OS,URL updates. My...

Swetang by L1 Bithead
  • 2446 Views
  • 1 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels