General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 1874 Views
  • 1 replies
  • 10 Likes

Traffic showing from same zone

This is not a new setup. It was working fine before.
No change was made recently.
Firewall logs show traffic hitting the right policy, however from the same zone (NET to NET) instead of  SZ104-ITSupport to LAN.
How to fix this issue?
 
 
 

Rule.jpg

Resolved! [BUG] EDL using wrong Service Route

Hello everybody!

PAN OS build 9.0.3-h3.

 

According to the PAN documentation the "External Dynamic Lists" (Object-> External Dynamic Lists) )are supposed to use "External Dynamic Lists Service Route" (Device-> Setup -> Services -> 'Service Route Configu

...

PA_ServiceRoute_EDL.PNG
PA_ServiceRoute_URL_Updates.PNG
PA_ExternalListsO365.PNG
husetech by L2 Linker
  • 4957 Views
  • 5 replies
  • 0 Likes

Communication performance issues between zones

Hi

I have a firewall configured with different zones (users, servers-prod, servers-dev). At network configuration level, 4 network interfaces are linked to 1 aggregate  group and under this aggreate group, I have on subinterface linked with each secui

...

Global protect VPN

Hi,

We are using Global protect VPN. Whenever we connect the VPN  with office network the system gets slow and we run any command it takes a lot of time to run.

Whenever we connect the VPN  with an open network the commands and the websites are working

...

Giri512 by L1 Bithead
  • 2810 Views
  • 4 replies
  • 0 Likes

WiFi calling will not work

Has anyone already got wifi calling via PA to run? I see in the session log the connections udp 500 and 4500 but wifi calling does not work on my iPhone 8. I have already excluded my AP, that's not the reason. At home router with itss integrated AP i

...

Resolved! IPv6 IPsec Site -to-Site VPN Phase-I issue

Hi ,

If anyone there who have a solution for this IPv6 IPsec Site -to-Site VPN Phase-I issue, I checked all the Phase-I and II parameters and took help from PAN TAC engineer as well. they don't have an answer for this. I am getting an this error. Your

...

Resolved! GlobalProtect 5.0 for iOS 12 and User Certificates

I have several customers (and my homelab) that leverage user certificates issued from Active Directory Certificate Authorities as a second authentication factor.  Since upgrading to the new 5.0 client for iOS, the client errors out on connection to t

...

Resolved! SIP ALG

I just want to make sure I'm thinking through the use of SIP inspection. If I have the sip application configured on a security rule, then the ALG will be in affect.

If I have defined port-based services in a security rule with no sip application defi

...

Interface flap email alert on Palo Alto 8.0

Hi Folks,

 

I want to configure email alert for interface flapt i.e ( subtype eq port ).

 

On email server profile under custom log format if I add $subtype eq port , would it be sufficient to trigger alert ?

 

 

Resolved! SMTP Authentication

Hi guys,

 

According to this document, at the bottom, it states that SMTP authentication is currently not supported. This was in 2014, so does anyone know if this is still not supported?

 

https://live.paloaltonetworks.com/t5/Learning-Articles/How-to

...

split tunnel issue

I have set up a GlobalProtect gateway in Panorama (software version 9.0.0.0) and configured it for split tunnel, however the configuration is not applying to the firewall (PA850 - software version 8.1.6)

Palo Alto Home Server Network

I currently have a family property that consists of 3 adjoining properties and structures, we retain a private home server network and are looking to protect it utilizing Palo Alto Virtual Appliance, but are being told in order to do so we must be a

...

boernerj by L1 Bithead
  • 2216 Views
  • 5 replies
  • 0 Likes

Resolved! Security Policy Search Results

We have a 3020 firewall with version 8.0.10 and need to allow a new server access to resources in other zones. An existing server, 10.100.100.10 already has this access, so I need to mimic the access of this server.

 

In Objects\Addresses there is an e

...

Top Liked Authors