General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Bricking a firewall?

Ok, I am not surprised in life that an upgrade can go wrong. Happens on many different technologies. But I recently had my over $60k PA5220 firewall brick going from 17.x to 18.x. And that was after getting advice from PA support before doing the upgrade to try and avoid a problem. It amazes me that there is no reliable factory reset funct...

tyler by L1 Bithead
  • 2637 Views
  • 1 replies
  • 0 Likes

Not able to comunicate with paloalto eth 1/2 interface

Hi Guys I have come here with lot of hope , I am doing my masters project and for that purpose my topology .My goal here is to show how paloalto can block the threats with its inbuilt IDS IPS ,url filtering , block traffic etc but right now I am facing a issue setting up a network I configured ping managenment on the firewall also I configured t...

Aggregation of ethernet on PA-4050 with Cisco switch

Hi,I am trying to get an aggregation link up between a Cisco and PA-4050 switch (v3.1.2). I have two link in the group and have configured L3 sub interfaces to seperate VLANs. I am able to send traffic across these links but they are clearly not functioning as aggregated interfaces as i loose packets when failing one of the two links (more like ...

Palo Alto Zone Primer

Hi All! I've recently been creating video guides on Palo Alto Topics. This time I've started on zones.This includes why we use zones, how they help, and some advanced features that PA have (zone protection profile and packet buffer profile). If you're interested, or know someone who's learning, here's the video:https://youtu.be/dBKC6Q0dpdk Enjoy!

Luke_R by L2 Linker
  • 3424 Views
  • 1 replies
  • 1 Likes

PAN-OS 8.0.5 sending continuous delete and create for IPSec SA

PA is sending continuous delete create every 3 seconds. It can be seen from the PA logs that SPI 0xAFD67238/0xC436E70E created at time 2020-06-13 05:50:55.230 and PA became responder for established child SA. For some strange reason PA again triggers child sa creation at 2020-06-13 05:50:55.968 for SPI 0x965504AB/0xCA05A690 and delete older SPI...

DNS Resolution

Is there any way to segregate the traffic of DNS server through global protect. example:- I have allowed some traffic through the split tunnel and i configured internal DNS server.scenerio:-I connect through the global protect when i do nslookup from my system my all query will resolve by internal DNS server, However i want to segregate traffic...

Extract output node's feeds to custom platform.

How to export minemeld outputs to a custom platform.I am working on a threat handling platform and I would like to use the feeds coming from minemeld output nodes, extract few details and use those to monitor other feeds.For that I need to get the output feeds preferably in json format or any other format also will do.Could you please suggest me...

Resolved! USer-ID enable?

Hi team, Can someone expertise tell me that where we enable user-id?Is it on Panorama or on Gateway and help me to understand ow it's work?

AmitPA by L0 Member
  • 2547 Views
  • 1 replies
  • 0 Likes

Redis - Package Upgrade Issues

I've been trying to upgrade my Ubuntu instance for the past few months, but keep having to install all package updates manually as redis-server and redis-tools fail as it can't overwrite the minemeld redis config. After updating the packages, we are unable to login to minemeld as nginx throws a 502 error. Is anyone else having this issue? If so,...

Resolved! Guide to updating an HA Pair

While learning more about Palo Alto firewalls, I put together a guide on how to update a pair of firewalls in HA.Hope it's useful, and I hope you like it! https://youtu.be/tPkMxJXIW7s

Luke_R by L2 Linker
  • 3866 Views
  • 2 replies
  • 0 Likes

panorama disk-space

We see"Show system search-engine-quota" displays 480491MB of space, accounting for 66% of the document, and the detailed information(total size) displayed under search engine also does not reach 480491MB. Can you explain it? Thank youThe following is a screenshot of show system search engine quota.

search-engine.png
DISK-SPACE.png
Eccomtac by L0 Member
  • 2688 Views
  • 1 replies
  • 0 Likes

After upgradae of pan os 8. 1. 14h2 auth profile changes auto

the PAN-OS has upgraded from 8. 1. 9h4 to 8. 1. 14h2.The issue has been reported that users are able to connect the VPN via Global protect with their AD logins, but unable to access few web-based applications.The logs are not received by the firewall in the traffic monitor, At the same time packet capture was done and counters from the firewall ...

Dynamic Domain List Empty

Created Dynamic Domain list, added single domain x.y.com > added list to antispyware profile > profile is used in policies but still the list shows empty. Also tries y.com still it is empty. Source URL is accessible an there are other IP lists in same location that are working. request system external-list refresh type domain name SINK-Do...

raji_toor_0-1592762122984.png
raji_toor by L4 Transporter
  • 4761 Views
  • 6 replies
  • 0 Likes

Resolved! Layer 3 routing on PA

Guys, facing a small issue hope can resolve togetherI have created a new network on PA as Layer-3(503) and am trying to communicate with my other existing layer-3 network (501):Steps configured are as follows :1) created Layer-3 ae4.503 with IP X.53.1 and existing is ae4.501 with IP X.50.12) Policy from both either network 3) Policy based forwar...

  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels