General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

GlobalProtect Pre-Logon NULL issue

Trying to setup new config for pre-logon, seems to be not working. I am getting machine certificate null error. First i was using internal PKI but then i found this KB and i was hitting the same issue.https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClR8CAKI then tried to setup with self generated certs, while i have ask...

image.png
image.png
image.png
image.png
raji_toor by L4 Transporter
  • 13498 Views
  • 12 replies
  • 0 Likes

Resolved! Site to site tunnel routing issue

I have 2 ISP. My site to site VPN is configured at on 1/10 (ISP A).I want to move my all vpn to other isp1/9(ISPB). Once i change is interface from ike gateway and add the virtual route toward (ISP B) tunnel is up but traffic is not passing through tunnel.when i ping from my PC toward destination ip traffic is still passing via (ISP A). When i ...

How to Collect HTTPS on PA-3020?

Hi.It's a question about my client's request.The customer is using PaloAlto Pa-3020 (PAN-OS 7.1.23), and wants to collect https information (log) through the firewall. The customer told me, "I (customer) know that you need to install a private certificate on each PC to collect HTTPS."I looked up related information in Tech Docs, but I couldn't f...

Resolved! Two ISP connections - one primary / one guest network

Hello,Today we have one interface designated as a WAN interface that manages our IPsec tunnels, GP Portal/Gateway, NAT for Websites, and business web browsing and needs. We have a second internet connection that we use for a guest network that goes through a really old Sonicwall (Different IP range/provider from our main WAN (untrust) link). I...

cmateam by L3 Networker
  • 12553 Views
  • 8 replies
  • 0 Likes

SIP Trunks failing

Hi All, Im a Telephone system installer and have installed a system with SIP trunks which authenticate with the public IP (not register user name/password)The SIP trunks remain working at all times for outgoing fails after a time normally about a day. the firewall is a palo alto PA220 the SIP provider tells me they are trying to communicate on a...

palo alto.png

High DP utilization alert

Palo-Alto event “Dataplane under sever load” triggers when the CPU utilization is 100%. In Palo-Alto firewall is there any option to set threshold for the CPU Dataplane , means if CPU Utilization is to 90 or 80% it will generate alert in system logs and that we can use it to receive via email.

Deepak_K by L3 Networker
  • 4775 Views
  • 1 replies
  • 0 Likes

Resolved! HA Path Monitoring using virtual-router

So, I am new to Palo Alto firewalls and have had an interesting time getting to know their functions. I have a question which I have not been able to find the answer on regarding HA path monitoring setup specifically with a virtual router. Albeit, I have only been looking for a few days.According to my understanding, when you setup path monito...

Unable to Upgrade a PA-3050

I've purchased a used PA-3050 that's currently running version 5.06 to 6.0, but I'm running into trouble with first upgrading the content version. I'm getting an error about needing content version 401 or greater. I've tried to do a content update via Panorama. Would this document be the only way to upgrade: https://knowledgebase.paloaltonetwork...

Resolved! User-ID Struggles with picking up computer account logons

Hello! I have an open ticket with Palo Alto for our 5020 series and User-ID problems. My organization has been using PA for years and we never had issues with the User-ID portion until after moving into version 8 (it would seem). Support hasnt been much help for this question, so I want to figure out what your doing for this. I have our User-ID ...

Global Protect Enforcing VPN

Hello, I need to enforce VPN so users will not be able to access Internet unless tunnel is establish or wired corporate network is connected. Users should also be required to supply credentials and MFA every time the tunnel is built when accessing from external networks. Once the laptop is inside on the corporate network the connection should no...

SSL inspection decrypt error from some client

Hello to all, We have a linux website that we made working with inbound ssl inspection by disabling curve25519 / x25519.Some clients report errors ( always showing as decrypt errors on the monitoring) accessing the site: by taking a networrk trace on the firewall side it seems like all the client are trying to negotiate TLS V1.If I try with the ...

  • 24394 Posts
  • 123 Subscriptions
Top Solution Authors
Labels