General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! User-id error after commit

I have setup user-id mapping using the instruction here:https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-user-mapping-using-the-windows-user-id-agent.html#idf8932678-911a-4153-ab89-94f19b988aef I have 2 servers with the user-id agent and 2 servers with the terminal server agent all set up and ...

User-Id config

Hi every onei faced this problem while configuring my Ldap profile on palo alto.the connexion between palo alto and windows server 2012 is not effective.the BASE do not appear. May somebody give me a help

pb.PNG

Unable to clear Apps seen from local firewall

Hello,Has anyone seen the following issue? Panorama manages a security policy for a remote PA, if you try clear the app seen counter on the remote PA using this KB https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/security-policy-rule-optimization/policy-optimizer-concepts/clear-application-usage-data you get a server error: fail ...

sami-su by L1 Bithead
  • 11304 Views
  • 9 replies
  • 0 Likes

Threat log URL column is blank..

Hi Team,In monitor >> threat>> we are getting URL column as blank.We can see source address and destination address.Can we get URL also in the logs for any actions of vulnerability protection? Thanking You in advance!!

Palo-Alto FW 9.0.4 Hardening Steps

Hello Guys, Joined the community recently...!! Hope all you are good in health and doing great..!! Here...I am looking for a recommended and basic hardening steps (not a complete book) along with commands line for GUI steps/process for Palo-Alto firewall (with 9.0.4 version). Simply the hardening steps which must be there and available for all ...

Jimmy20 by L2 Linker
  • 7490 Views
  • 1 replies
  • 0 Likes

Block Page not always displayed

Hi, I have the problem that for some URLs I get a block Page and for other URLs I get the "Error secure connection failed" Message.Both responses have the same session end reason: decrypt-cert-validation.As this happens regarding SSL connections I use a decryption Profile with checked: Block sessions with expired certificatesBlock sessions with ...

97% speed decrease on SMB traffic (PANOS 8.1)

We're currently having some issues with ms-ds-smb (both v2 and v3) traffic on our PA-3020's (active/passive pair), where we are seeing a 97% speed decrease measured against direct traffic. In order to determine the source of the issue, I have tried to disable server response inspection and all the security profiles, but I'm still getting speeds ...

arvesynd by L3 Networker
  • 26191 Views
  • 7 replies
  • 1 Likes

VLAN entry

Hi I have a network with IP addresses in the range of 192.168.100 and 192.168.130 on two singular network cards on the same machine on the local network. Port 4 on the firewall is plugged into another device with the .130 range IP. Port 1 on the firewall is plugged into the local network. I can’t contact the other device from the machine. Any ...

Update to 8.0.6 appears to have broken IPSec tunnel connections

Since our PA updated we've had a problem with one IPSec Tunnel not routing correctly. It appears to relate to just one Proxy ID but I've checked all and they're exactly the same as the PFSense box we're connecting to. Everything was fine until the update to 8.0.6. I've followed this KB... https://live.paloaltonetworks.com/t5/Management-Articles/...

Resolved! HA Status Options UnKnown or Down

I have a pair of Palo-220's that I've pushed my templates to from Panorama and now the HA options on both devices are in an UnKnown or Down state. These templates have been pushed out to multiple other pairs I have setup alos but this pair is only one to have the issue. I have a case open and have been on hold with Support now for over an hour s...

thambright_0-1590770397016.png

can we import duplicate Ccommon name certificate of diffrent vendon?

We already using sectigo cert for gp gateway *.example.com. We have purchased same wildcard certificate from reddit.Sectigo certficate is going to expire before that we want to test GP gateway on new certificate signed by reddit.We will configure GP on our secondary ISP and will create DNS host entry in our machine to test the same. Can we impor...

Deepak_K by L3 Networker
  • 2348 Views
  • 1 replies
  • 0 Likes

Resolved! How to handle outlook repeatedly retrying blocked file downloads

In File Blocking Security Profile, I am blocking encrypted pdfs. Looking at the Data Filtering Logs, every few seconds office365-enterprise-access application is trying to download encrypted pdf and it gets denied. There also is not file name listed, so it's not clear how I can attribute this to a message and delete it. How are other people ha...

Resolved! Issues with https://urlfiltering.paloaltonetworks.com/

Hello Everyone, I am trying to recategorize a website using https://urlfiltering.paloaltonetworks.com/ I selected the correct category in my opinion, gave a quick explanation in the comment and then got the following error message after some processing time: "Your submit has some problems. Please try again!" I tried a couple of different website...

Query on DH group for IPSEC VPN

We are having issue in building an IPSEC tunnel on a Palo firewall. Using ver 9.1.2. Getting below error 'IKE phase-1 negotiation is failed. Couldn't find configuration for IKE phase-1 request for peer IP... The peer IP type is Dynamic with no proxy ID in use. We are using IKEv1, DPD is disabled, NAT-t is enabled, Phase1 & 2 are matching at ...

NSX-T east-west traffic integration sizing question.

Hi,I have a question about using palo alto for east west traffic inspection in an NSX-T environment. There are 2 deployment models in a service cluster and per host model. https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-nsx/set-up-the-vm-series-firewall-on-nsx-t-east-west/supported-deployment...

GOMEZZZ by L2 Linker
  • 3074 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels