General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Alert if same traffic log entry is repeated N times..

We have had an instance of a third party having an issue with their system that generated repeated traffic over and over 17K 5 times a second, constantly.

 

I can match the traffic in the log fairly easily. 

 

How can I set up an alert for that to go to

...

PAN-OS 9.0 Released - Stop and Think

Today Palo Alto Network officially released PAN-OS 9.0 to the general public. Some of you may have read posts recently regarding features that have leaked out from the beta, and if you have any questions those of us that have been participating with

...

BPry by Cyber Elite
  • 14853 Views
  • 30 replies
  • 7 Likes

VPN

Hi.

How to configure VPN that if peer ip and proxy id(remote address) is same.

When try connect address traffic don not flow over vpn. When i write route vpn gets down.

URAN_725 by L1 Bithead
  • 2518 Views
  • 2 replies
  • 0 Likes

DNS rewrite matching wrong NAT rule

Think this needs a case.  Open to any suggested workarounds.

 

Connecting two overlapping networks with NAT.  (why? we have to)

192.168.1.0  (zone1) --  PA --  (zone2)  192.168.1.0

policy routing in place, come in zone1 interface go out zone2 and vice ve

...

Source and destination based on NAT using DHCP

Hi,

 

I am setting up a PAN device. On ethernet1/1 I have it set up to DHCP. I then will have a computer connected to ethernet1/9. I want to set up both source and destination based NAT. From what I understand in order to do this I would need to create

...

golariu by L1 Bithead
  • 1709 Views
  • 1 replies
  • 0 Likes

Resolved! Change physical port in Active PAssive PA going to ISP

PA is in Active Passive mode.

 

Current uplink connection from active PA going to ISP is 1Gig.

We need to change the uplink port on the active PA that can support 10gig.

 

What is best method to do this without causing least amount of outage?

MP18 by Cyber Elite
  • 4268 Views
  • 12 replies
  • 0 Likes

Need to clear traffic or reset the tunnel to access

We had site to site vpn tunnels and traffic is always stuck and until unless we reset or clear the traffic the access is not working.

 

Any one have experience . The VPN tunnel never go down only the traffic PA to Sonic wall any recommendation on how t

...

NavidAlam by L3 Networker
  • 4436 Views
  • 4 replies
  • 0 Likes

Decryption Broker with Policy Based Forwarding

Hello,

 

I'd like to know if it is possible to use decryption broker with policy based forwarding on the same interface of the policy based forwarding as the scenarios is as the following :

We have a Bluecoat proxy connected to Palo Alto firewall using

...

Palo Alto - GPVPN - IPSEC b2b

My current role is as a Network Architect and I am working with our security team to get some Palo Alto firewalls setup to provide

GPVPN access and also IPSEC b2b connectivity.

 

Our initial design has a single external public address to host the GPVPN

...

mcronin by L0 Member
  • 4226 Views
  • 3 replies
  • 0 Likes

Limit Download per IP

In NG firewall, is there a way to limit the download per IP per day.

For eg, One Ip should have only total 1GB download/upload usage a day.

It's like somewhat ISP does.

unable to access internet from vlan

Hi,

i am configuring PA-220 software version 8.0.9. i wan to create a vlan and allow them to access the inter net i have seen some video but i am unable to access the inter net i am even unable to ping my vlan gateway. is there any thing i can do ?

 

 

Screenshot (9).png

Error after upgrade of panos 8.0.17 - 8.1.0

After doing an upgrade I get the following error.

 Error: Max. user groups used in policy 1117 exceeds capacity (1000)
(Module: device)
Commit failed

The FW model is a PA-3020

I hope you can help me

 

Thanks.

Alan VG

  • 24191 Posts
  • 101 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels