General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

BGP RIB out and Local RIB

Can someone explain me the difference between RIB out tab and Local RIB in BGP. What is contained in RIB out and Local RIb?Also what is pupose of Import and Export tab in BGP Appreciate your help. -Rajaram.

Firewall Monitoring - Availability and hardware utilization

Hi There, I need to monitor the firewalls, actually are 2 Ingress, 2 Egress, 1 Management and 1 panorama in 5 different environments, (dev, no prod, and so on) If you google "custom pan os metrics published for monitoring" the first link has the step-by-step to monitoring using Application Insights that has some charges after 5 Gb, however, I d ...

laelijr by L0 Member
  • 4276 Views
  • 2 replies
  • 0 Likes

DFA in PA

As a result of the covid, many clients with GP are asking me about the possibilities for implementation DFA with Palo Alto GP. I was checking about client certificate config in GP but i think this is not very safe at all.What recommendation/DFA do you have?

BigPalo by L4 Transporter
  • 2411 Views
  • 1 replies
  • 0 Likes

Resolved! Route to ISP connected to other VR

Hi all. I have the this situation:- router VR1 has LAN network 10.0.0.0/16 (zone LAN1) and ISP network X.X.X.128/27 (Zone WAN)- router VR2 has LAN network and 10.0.0.0/8 (zone LAN2)- Users in both LAN segments need to access internet I made a static route from VR2 to VR1 like this:- name: default- destination: 0.0.0.0/0- next hop: type = next-vr...

Resolved! Can't get a route

I have new Palos that I didn't set up myself. I created the interfaces and added OSPF. Network team says they can't get a route for a network. Tried everything I know. Suggestions?

Resolved! Panorama Config Report(s)

Hello, I know this information can be gathered via the 'Configuration Log' but is there a report I can build (I can't seem to find) that I can schedule daily or weekly reports to show edits to the configuration(s) made from Panorama? Thanks.

COlson by L2 Linker
  • 3575 Views
  • 2 replies
  • 0 Likes

Session Timeout Issue - Tunnel Active but User ID Authentication removes

Dear Team, We are facing an issue in VPN where in Authentication of users is removed frequently at a random time. IMPACT : We have created Source User base policy - Hence once a user session is timed out, browsing of the user is impacted. User needs to relogin and then can access Internet Traffic. However Tunnel is always active and only "User A...

Captive Portal + Global Protect

Hi team, How to make work the Palo Alto Captive portal after users logged in to Global protect. ?Users who got connected to GP should get captive portal auth page while they try to use internet.Is there any way to achieve this ?

Microsoft Edge is blocked.

Hi everyone! I have such kind of problem, maybe some of you have faced this.I've blocked Chrome, Firefox and Opera, but it also blocked Microsoft Edge, which should work.I tested deleting this application filters, which I created and found that the problem was with Chrome app filter.I have shared it here. What can cause a problem?

blocking.jpg

DigiCert SHA2 untrusted

We own a wildcard cert from Digicert for on-prem or cloud hosted websites. When doing decryption traffic to our websites breaks and i had to uncheck 'block untrusted certificates' to make it work. How can i keep blocking untrusted certificates and still allow traffic. I know i can create a separate profile for known websites, but i was thinking ...

raji_toor by L4 Transporter
  • 2786 Views
  • 1 replies
  • 0 Likes

RDP To VPN Connected User

As the title, is this physically possible? Long story short, have a requirement to connect remotely to a company users laptop, which is connected to GlobalProtect VPN... via remote desktop from another pc on the same companys LAN Have attempted to connect from a pc on the company LAN to a user working from home who is connected to GlobalProtec...

carterg by L2 Linker
  • 13673 Views
  • 6 replies
  • 0 Likes

SSL Decryption every day more exclusions

Hi, We are using a PaloAlto 3260 with PanOS 9.0.7. We have configured SSL decryption wich uses a certificate signed by our own Windows CA server. Each client in our environment has the Windows Root CA.In the beginning (2 years ago) everything worked well. We could decrypt everything except everything in the category financial.But now latest mont...

ZEBIT by L3 Networker
  • 3621 Views
  • 3 replies
  • 0 Likes

Loopback between two virtual routers are not pinging

I created two Virtual Router for internal bgp peering to export routes. Virtual-Router-1 - loopback-interface- 5.5.5.5/32 ; zone-fiveVirtual-Router-2 - Loopback-interface-6.6.6.6/32 ; zone-sixsecurity policy any-zone to any-zone is allow. I am unable to ping from 5.5.5.5 to 6.6.6.6 or vice versa. BGP peering is getting established but advertised...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels