General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! External Untrusted Site LDAP via NAT to Trusted Windows AD server

Hello. I have reviewed a number of PA article and Live Video's and still am not sure my NAT and Security policy are functioning.PA-220.Below is the monitoring log I am seeing. I expect to see 389/LDAP to complete and show some NAT details - which I am not. The source (External site) will be sending the LDAP requests from 52.38.125.245 or 54.1...

PA LDAP Security policy.JPG
PA LDAP NAT policy.JPG
catrock_0-1590991417560.png
catrock by L2 Linker
  • 3387 Views
  • 2 replies
  • 0 Likes

Resolved! User-ID Agents

Hi, I'm digging deeper into User-ID agents, and I'm aware that I have two options; The Windows agent, and the PAN-OS agent. If I have a Windows domain, and no other directory services, is the Windows agent the best choice?Is there any benefit to configuring both? Or is this completely unnecessary? Thanks!

Luke_R by L2 Linker
  • 5622 Views
  • 4 replies
  • 0 Likes

Resolved! Global Protect SMB traffic slowness

Hi Team, We are using global protect to connect to corporate file sharing server. Once GP is connected we are able to copy and paste the file from fileserver which is mapped in my local machine. But the issue is it is very slow. Like only 373Kbps traffic only passing in it. But when we use different VPN like Sonic wall Speed is good. Can appli...

SSL Decryption

I have never configured any type of SSL decryption so how do I check for it, what all can be configured to use it and is there decryption that occurs by default with no configuration

jdprovine by L4 Transporter
  • 7746 Views
  • 8 replies
  • 0 Likes

Resolved! Move VPN DHCP off Palo Alto

We are currently running DHCP off of our firewall for all external VPN users. I would like to move this DHCP to our 2019 windows servers. I have looked around trying to find out how to move this but can't find much. Can someone point me in the right direction?

Resolved! How NAT Oversubscription works?

Hi experts, I am trying to understand how NAT oversubscriptions works in Plao Alto. What will be its exact use case and how firewall behaves in default settings?

Vikashh by L2 Linker
  • 9254 Views
  • 3 replies
  • 0 Likes

Importing configuration from Panoram shared template to a single PA-VM

Hi,I am setting up a PA-VM50 that is in an isolated environment solely for testing any changes before we deploy to our production physical Palo's managed by Panorama template and template stack in a device group.I would like to save myself a heck load of time by being able to import most of the object configuration and pre-rulebases. I don't min...

Resolved! Workaound for PAN-OS: Predictable temporary file vulnerability

There is no workaround available for this vulnerability https://security.paloaltonetworks.com/CVE-2020-1981A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation.This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS ...

Deepak_K by L3 Networker
  • 2914 Views
  • 1 replies
  • 0 Likes

TCP 3-WAY Handshake vs TCP Half-Open

TCP 3-Way handshake – TCP is a connection-oriented protocol, a connection needs to be established before two devices can communicate. TCP uses a process called three-way handshake to negotiate the sequence and acknowledgment fields and start the session. Here is a graphical representation of the process. The three way handshake process consists ...

SutareMayur_0-1583080012609.png
SutareMayur_1-1583080012619.png

Resolved! NAT rules for Email exchange/Email Gateway

Hi Everyone, I have two IP addresses used for inbound/outbound emails on our email gateway.I have created the attached rules NAT and Security and I wanted to get opinions if its correct because I tested it and it seems something wrong that prevent emails from in/outbounding and even the web mail access did not work...your advice please.thanks

NAT Rules.JPG
Security policy.JPG

Drops in packet capture

Hello Team, I have a question regarding drops during the packet capture. What is the packet drop means - Firewall dropping any packet or firewall detect drops packet.? Once i performed the packet capture at the same time i have run the command global counter but i didn't get any drop in counter. So could you please let me know what is the meanin...

Resolved! Zone Rename effects on Panorama and Managed Devices

Hello Everyone I have simple but very important questions about an eventual Zone Renaming in a Template commited and pushed from Panorama to a Managed devices: 1. Changing Zone names inevitably will have an impact on an active sessions ? https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1cCAC 2. In PAN-OS 9.0 could I ...

Resolved! Aggregate Interface Trouble Shooting

My environment has Palo Alto Firewalls that has Aggregate Interface configuration and use. There are infrequent issues with them and I have some questions:What are the tools for trouble shooting Aggregate Interfaces within the GUI (web interface)What are the CLI commands for trouble shooting Aggregate interfacesThanks in advance

rockfort by L1 Bithead
  • 20388 Views
  • 5 replies
  • 0 Likes

Resolved! Assign gateway to PanGP interface

Hi, We have issues with a service using GP. To solve it we add the IP Palo GP tunnel in the PanGP adapter gateway in local machine. Why this is happening? is there any way to configure this pangp gateway from palo alto when user connects in GP?

BigPalo by L4 Transporter
  • 6023 Views
  • 5 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels