General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Vwire interfaces are flap

We have a Paloalto connected in vwire mode Cisco ASR1 is connected on PA eth1/21 (Primary) and Cisco ASA (Primary)is connected on PA eth1/22. Same as Cisco ASR2(secondary) is connected on ethernet1/23 and Cisco ASA(secondary) is connected via Ethernet 1/24. Interface are automatically going down and coming up Can any one suggest me why is going...

Joshan_Lakhani_0-1595447238139.png

Overlapping Proxy ID"s

I have a IPSEC site to site VPN with a Check Point firewall. In the Palo Alto I have networks / proxy ID's that overlap each other? Can this cause issues? For example I have: Local Remote192.168.50.0/24 10.241.8.0/24192.168.50.0/24 10.241.0.0/16 B...

Broken SSL Inbound Inspection After July Windows Updates Enables TLS 1.3

I have been using SSL Inbound Decryption for over a year with options1) Block sessions with unsupported versions2) Block sessions with unsupported cipher suites After applying Windows 10 updates to a reverse proxy server, it appears that connection to website is encrypted and authenticated using TLS 1.3, X25519, and AES_256_GCM (based on Google ...

DMZ server is not accessable by Global protect

Hello, I have one server belongs from the DMZ zone.Example:-server ip- 2.2.2.2source ip for VPN user - 1.1.1.1VPN zoneDMZ zoneThere is 2 scenerio:-policy(1) - I have created a policy like:-sourcezone- VPNzonesource ip - 1.1.1.1destination zone - DMZ zonedestination IP - ANY.Application - ANYservices - ANYAction - Allowno security profile. Policy...

Global Protect in Linux error

Hi, We are trying to connect to our VPN using Global Protect client in a Fedora laptop. We have tested the following articles: https://docs.paloaltonetworks.com/globalprotect/4-1/globalprotect-app-user-guide/globalprotect-app-for-linux.html#but we are getting a certificate error:pcdavid - david - / home / david· Globalprotect connect --gateway 1...

BigPalo by L4 Transporter
  • 11680 Views
  • 6 replies
  • 0 Likes

Best way to load balance to ISP with Global Protect

We have an active/passive 3020 and in from of them we have an A10 Load balancers. We want to change our current configuration so we can have a load balance between our two ISPs. What is the best practice regarding the Palo Alto? Which would it be the best architecture in this case scenario? Thank you.

JUrenaG by L1 Bithead
  • 9861 Views
  • 7 replies
  • 0 Likes

Is windows VPN client and split tunnel supported?

Dear community, I configured Windows 10 vpn client to connect to the globalprotect gateway and it works fine, the only thing that it´s not working is split tunneling. Cannot see the Access Route For Third Party Client on the gateway like this example:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIDCA0 Then checking ...

Carracido by L4 Transporter
  • 3777 Views
  • 3 replies
  • 0 Likes

CDL - Disconnect from log server

Has anyone else experienced many more "Disconnected from Log collector Server" alerts since the CDL Migration to GCP? I used to get one every now and then but since the change, it's increased dramatically. Every time I check, the firewalls are logging properly, it's just annoying to see these alerts. Also, any news on when CDL will start allowi...

MikeC by L3 Networker
  • 3424 Views
  • 2 replies
  • 0 Likes

display issue for filter user.src on different vsys(include all vision)

Hi Guys We got the issue for display src.user of different vsys(include ALL),for example, when I filtering src.user(abc.com\CDE) on traffic tab of vsys1, then unsuccessful displayed blank src.user on tab, but when I clear filter index, we can see specific user(abc.com\CDE) on traffic tab. another method, we tried filtering same specific user on ...

TysonLiu by L2 Linker
  • 4133 Views
  • 4 replies
  • 0 Likes

internet ipv6 to on-premise ipv4 nat

Hi all, there is a domain abc.com and there is an ipv6 dns record for that.so when using ipv6 from cloud is it possible to destination nat this to the ipv4 server inside. I know as a workaround we can add an ipv6 ip to that server but it is not possible now. (INTERNET)ipv6 (client)----- ipv6 FW ipv4 ---- ipv4(server) Regards

PanIst by L3 Networker
  • 3878 Views
  • 3 replies
  • 0 Likes

Devices Stopped Sending Logs to Panorama

We have five (5) devices managed through Panorama. Two of them are still generating logs, while three of them have stopped sending logs. Please assist. it the logs Stops to receive from the device and The traffic and threat logs can be viewed when looking directly on the firewalls, but are not visible on Panorama It has noted that panorama could...

Resolved! Queries on PA Firewall migration - DNS Security and Interface redundancy

Hi Team,I have a couple of queries.1. Currently the customer is using Redundant interface in Juniper, we will be migrating to PA. One interface is connected to a router 1 for internet and another interface is connected to a different router for data. How can we tackle it ? PBF is the suggested solution or is there any other way by which we can d...

Request for Palo Alto PSE Certification Clarification.

Owing to the syllabus changes in the palo alto course work material. I would like to request for your clarification with regards to taking PSE-StrataDC Proffessional exam. Is there any prerequisite certification that I MUST undertake before embarking on the PSE-StrataDC Exam?. Your prompt answer shall be of much value.

Milimu by L0 Member
  • 3466 Views
  • 1 replies
  • 0 Likes
  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels