General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! config push from panorama to HA PA

 

New configuration  is pushed from Panorama to a pair of firewalls that are configured as an active/passive HA pair.

will both PA active and passive syn theconfig ?

 

 

MP18 by Cyber Elite
  • 5564 Views
  • 2 replies
  • 0 Likes

Pre-Logon Machine Certificate placement

When doing pre-logon with machine certificate, where does the certificate need to be placed? Documentation says to put it into computer>personal, but i am unable to do this via GPO directly. Can it be placed into any of the other stores?

welly_59 by L3 Networker
  • 1071 Views
  • 1 replies
  • 0 Likes

Switch Redundancy at Access Layer

This is a bit off topic, but I thought some folks might have some knowledge and wisdom to offer. 

 

Where I work we're working dilligently to provide robust resiliency and redundancy for our firewalls using dual powersupplies, HA, and multiple ISP circ

...

locampo by L2 Linker
  • 4567 Views
  • 12 replies
  • 0 Likes

Problems with SIP

Hello

We have 3CX server - IP telephony inside the network.When we pass the SIP traffic through PA it gets problems

We try to connect through SIP :5060 port o outside server on ISP side but it doesnt work

we made application override and also disabled A

...

Radmin_85 by L4 Transporter
  • 1274 Views
  • 2 replies
  • 0 Likes

User-ID agent and SSL Error

I have been getting a ton of email alerts with issues with user-id agent and ssl connection errors even though the status is "green" showing "connected." I have verified the cert is valid and it is a self signed cert valid until Feb 2019. I have perf

...

Resolved! application dns and action reset both

 

need to understand deeply reset both action by PA for dns query in threat logs

I know PA send the tcp fin to both ends.

 

But client who is doing dns query if it does not get reply what does it shows there ?

does the client again makes query?

 

or does PA

...

MP18 by Cyber Elite
  • 2734 Views
  • 11 replies
  • 0 Likes

Resolved! suspend active panorama when passive panorama is rebooting

 

If passive panorama is going through reboot.

 

Active Panorama  shows passive panorama as unknown   

 

what will happen if i suspend the active Panorama ?

 

will all the firewalls connected to the Active panorama will get disconnected?

MP18 by Cyber Elite
  • 1637 Views
  • 6 replies
  • 0 Likes

Resolved! Source Users and Source Users Reported as "None" By FW

Hello,

I'm on version 8.1.2,  in ACC tab I do have a User Activity "widget" or pane that shows Source User, Destination User, Bytes, Sessions, Threats, Content, URLs and Apps. Always the Source User, presents "None" for Source User and also I see "Non

...

Restrict network access for mobile devices

Hello,

 

I have an environment where mobile devices are managed using MobileIron. I want to restrict network access such that the only mobile devices that can connect are managed and belong to a known user.

 

What is the best way to approach this problem

...

mikembau by L0 Member
  • 947 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect - To which ethernet interface? WAN Facing?

Greetings,

I am setting up GP on a small home office PA220 .  I have a single E 1/1 Untrusted L3 interface that is internet facing.

My logic tells me this interface should have the GP configured on it.  However, the documentation and video turtorials d

...

catrock by L2 Linker
  • 2803 Views
  • 6 replies
  • 0 Likes

Almost all traffic identified as unknown-tcp?

We are seeing some of our Palo's periodically logging (almost) all traffic as unknown-tcp.

 

As the traffic is being allowed through (and logged against) rules that do not allow it we assume this is a problem with the logs, rather than traffic being mi

...

apackard by L4 Transporter
  • 2755 Views
  • 4 replies
  • 1 Likes
Top Solution Authors
Top Liked Authors