General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Traffic-Log refreshs is broken when using long filters

Hi Community, I often have the problem, that the traffic log view is refreshing automatically when using long queries.I have the auto-update set to manual but after seeing the first filtered log entries, the whole log-area refreshes - very annoying. I'm using Chrome with two tabs and this happens in that case on PAN-OS 8.0.5 Does anyone have sim...

Chacko42 by L4 Transporter
  • 7316 Views
  • 8 replies
  • 0 Likes

Resolved! NAT RULE - IPsec VPN

Hello all,I am implementing an IPsec VPN and I have to NAT the source IP address, but I am very confused with the bidirectional source NAT,Lets say my local IP=192.168.1.1 (natted to 1.1.1.1), remote IP in the other side of the VPN= 10.10.10.1For example If I configure: Src Zone Src IP Dest Zone Dest. IP ...

joseglez by L1 Bithead
  • 10368 Views
  • 4 replies
  • 0 Likes

PA-5050 8.1.11 Inter Vsys traffic

Hi all, We got a Palo Alto 5050 active/passive HA configuration with two vsys with a lot of inter-vsys traffic.Our DP1 is running at 100% during working hours. I am convinced that the problem is that inter-vsys traffic can't be offloaded to hardware. If i configure physical interface 1 and 2 to vsys1 (L3) and physical interface 3 and 4 to vsys 2...

No valid URL is filtering license warning message After Adding RMA device

I have replaced the active device due to hardware fault now I had received RMA box and added to the network, Then I did the Setup, License Transfer, and High Availability successfully. After pushing the configuration to the new RMA box. But there is one issue I am facing. When committing any configuration and commit are successful Result, but I ...

GlobalProtect linux

I'm trying to get the linux client to always connect. Manually running a shell script to check if globalprotect is running and then connecting again works. But if I run this same script with @reboot from crontab -e it never connects, until I actually log in to the console. Has anyone managed to do this with the official GP client.

yuyugoqo by L0 Member
  • 4493 Views
  • 3 replies
  • 0 Likes

adding zone and subinterfaces

Hello I have panorama 9.0.4 and palo alto fw 8.1.7 we are not using templates I have to create 6 zone and subinterfaces . So do i need to create them locally on the firewall ? Will it get sync to panorama automatically ? or do i have to do something to sync with Panorama ? or do i have to load the device to panorama and change the context to th...

Global Protect SSO with Pre-login using Certificate Issue

We are rolling out GP with SSO with Pre-login using certificates as of last week. The GP agents are connecting at pre-auth and subsequently doing SSO once the user signs in with cached credentials. After the weekend, we are having multiple users reporting they cannot login. We are seeing lots of events 'globalprotectportal-auth-fail' with desc...

Resolved! Block email attachment from specific domain

Hello experts, Is there any way in Palo Alto to block email attachments coming from specific domain?Lets say i want to block all email attachments which are coming from *@xyz.com. Is it possible?

Vikashh by L2 Linker
  • 9002 Views
  • 5 replies
  • 0 Likes

Globalprotect is greyed out on maOS Catalina

Globalprotect stopped working on user's Macbook. After reinstalling Globalprotect (version 4.0.5-8) on macOS Catalina in version 10.15.4, it is not possible to click on Connect, even the window for writing username and password is not displayed. All options in the application are grayed out. Please provide some solution. Anna Strupiechowska, IT ...

MicrosoftTeams-image (31).png

TLS Vulnerabilities.

Hi I am running Minemeld on Ubuntu 16.04 The server is starting to show up in Vulnerability Scans depsite updating Ubuntu. This is a list of the Vulnerbilties. TLS Server Supports TLS version 1.0 TLS Server Supports TLS version 1.1 Diffie-Hellman group smaller than 2048 bits TLS/SSL Birthday attacks on 64-bit block ciphers (SWEE...

Global Protect Gateway

Hi everybody, I'm getting through this issue: although we have 3 gateways configured in our portal, my GP client allways connect to the same one. How to deal with this client behavior?Tks in advance

Email Alerts for Reporting

How we can set up email Alert for report We have an O365 email environment that is based on Azure Cloud. looking for Email alerts for reporting and My Email ID has MFA for accessing the emails. Now I have applied my Email ID in the Palo Alto 3060 for report sending. after applying Email Profile and Attempt to test the Email-scheduler. An Error t...

Resolved! Keeping UID to IP address Associations Current - A.K.A. UID Refreshes / Timeouts / Confirmations

This is a question about how a firewall, FW, keeps IP to UID associations current/up-to-date in an environment where such associations might be changing every few seconds. A FW associates a UID with an internal IP address, e.g. 10.10.10.10, which has no UID associated with it. Let's say that I logon as ipj1965 from 10.10.10.10. The first time a ...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels