General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! SAML login remove lock (superuser?)

When I am logged in via SAML, I noticed that I was not able to remove other users' locks. Seems like this may be because I am not a superuser? Is there any way to make a SAML-authed user be a superuser?

Resolved! Zone Capacities per PA model

Looking to understand the maximum number of zones which can be used in a given firewall based on model. Is there a document out there which shows the maximum number of zones? Specifically these models:PA-445, PA460, PA1410, PA3420 If based on OS - I would be interested in 11.1.x

clewis1 by L3 Networker
  • 2007 Views
  • 2 replies
  • 0 Likes

VOICE Issues

I got a PA-1410 ,it has IP telephony, and their server is in the cloud. The phones have an address 10.200.x.x/24 and make the registration request through ports 5060 or 5075 to a server in the cloud with IP 148.235.12x.x through the SIP application.The phones do not register, using the initial port, no matter which of the mentioned, for the exam...

F.Pinar by L3 Networker
  • 885 Views
  • 2 replies
  • 0 Likes

Resolved! Tufin

Does anyone have experience using this in a larger environment? Multi vsys? Panorama? HA Clusters and so on. Are there better options available? Thanks in advance for your time.

After software upgrade firewall stopped to sending syslog

We upgraded PA-1410 from sofware release 11.0.2.-5 to 11.1.6-h3. The upgrade itself went well, but a few days later firewall stopped to send syslog messages. Executed tcpdump on the management port, but there is no syslog traffic at all. Checked the system resources, logrcvr servcie seems to be running. I tried to restart the service, and realiz...

Resolved! TCP MSS Physical interface settings understanding?

Hi, Can someone confirm if my Understanding for PA "Adjust the TCP MSS" is correct? Reference to this link this is how PA Firewall "Adjust the TCP MSS" value in the physical interface. In other Vendor when we configured the TCP-MSS value we usually set the "Actual bytes" Example for cisco: "ip tcp adjust-mss 1390"In PA firewall, it looks l...

Silvs13_0-1743481280686.png
Silvs13 by L0 Member
  • 3263 Views
  • 1 replies
  • 0 Likes

PA460 issues

Hi, We have two FW PA460 in HA, one active and another one passive. We have several issues related to configuration synchronization and HA: 1- Synchronization before a commit can take us up to 8 minutes. With the old FW the commit was in less than a minute and with these newer models we have gotten worse. It wouldn't affect us if it wasn't tha...

BigPalo by L4 Transporter
  • 3803 Views
  • 7 replies
  • 0 Likes

Resolved! IP Sec VPN Paloalto - Starlink

I'm testing Starlink business and having issues passing traffic over my tunnel. This remote site connects to our data center via an IPsec tunnel. I can get the tunnel up and traceroute to the remote side of the tunnel, but I'm unable to pass traffic. I have "Enable NAT Traversal" selected on my IKE Gateway. The Starlink is set to IP passthrough....

The PA-VM eval is crashing after minutes since reboot

Hello, I've created this discussion because I've downloaded PA-VM eval for ESXi [.ova] and tried to launch this using VMware workstation PRO [latest version]. I found on the LIVEcommunity some threads like so: https://live.paloaltonetworks.com/t5/general-topics/pa-vm-10-0-4-trial-gets-shutdown-after-a-minute/td-p/501973 however, once I followed...

Adam_D by L1 Bithead
  • 2750 Views
  • 6 replies
  • 0 Likes

Resolved! TCP fast open and Palo Alto

as far as I could test there is no way to make TCP fast open work through a Palo Alto fw (at least, since 9.1 which seemed to work. It tried 10.2 and 11.2 and all my tests fail there). Whenever a client sends a SYN packet with data, it is transmitted, no matter the zone protection profile, no matter whether the "TCP SYN with Data" option in the...

frigault by L1 Bithead
  • 5737 Views
  • 3 replies
  • 0 Likes

Several Medium Alerts from NGFW on : " Virus/Win32.WGeneric.eolzov(705362387)" This morning

Has anyone else seen any alerts for this Generic Threat ? It triggered on a few .LNK files that could not be located on the machines identified in the alert. This threat ID is new as of today, we have opened a support case, but was curious if anyone else was see'ing the same thing. False Positve ? Very little information on the web on these ...

TroianoF by L0 Member
  • 1203 Views
  • 2 replies
  • 0 Likes

syslog server connection failed

Hi, I have a PA VM setup and a syslog server to forwards the logs to. I have done all the configurations needed and syslogs server are receiving the logs. But on the system log there's still an error showing "syslog connection failed to server[x.x.x.x] Is this expected?

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels