General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! forcefully logout all GP users from gateways

Hi Anyone, I'm trying to logout all GP VPN users forcefully logout from the gateway either doesn't logout users or no errors throwing on command as well >request global-protect-gateway client-logout gateway gp-gateway reason force-logout user * computer * Login & logout time is same before and after execute this commands. Please let me kn...

Karup by L1 Bithead
  • 11846 Views
  • 4 replies
  • 0 Likes

SSL Inbound Decryption and PA

Hi Everyone, Learned something new from you today.We are going to enable SSL decryption for Inbound traffic coming from Internet to our web servers.Need to know when does PA intercept the traffic coming form Internet to the web server which is hosting the website? During 3 way TCP handshake or when first Data packet comes? RegardsMP

MP18 by Cyber Elite
  • 3151 Views
  • 3 replies
  • 0 Likes

Eventid eq routed-OSPF-neighbor-down

PAN-OS - 8.1.12 Want to understand the below Massage and Why it occurs ?? >less mp-log routed.log 2020-04-15 09:28:05.296 +0400 TM_SPF: start full SPF calculation rid 172.16.80.162020-04-15 09:28:05.296 +0400 TM_SPF: Do the full SPF calculation rid 172.16.80.162020-04-15 09:28:05.296 +0400 TM_SPF: full routing calculation finished rid 172.16....

PAN GPA Service issue error - return error code = 10061.

PAN GPA is giving error , checking service on PC it reports stopped when I try to connect through agent. Tried to uninstall and install again , did not help. anyone faced same issue ? T14992) 04/17/20 08:50:44:186 Debug( 692): CAC, name is DigitalMediaDevices(T14992) 04/17/20 08:50:47:523 Info ( 246): InitWinConnection ...(T14992) 04/17/20 08:5...

Resolved! Configuration of Security Profiles

Hello, I have a question related to the actions that I can configure in Security Profile. Specifically, Vulnerability Protection. What happens if I set the action as "Alert"? Will it drop the connection? Or the connection will be permitted, and it just logs the traffic of the malicious action executed? Regards,

iscott by L2 Linker
  • 2763 Views
  • 1 replies
  • 0 Likes

Active/Passive vs. Active/Active

I am currently working on a network redesign project with all Cisco gear. Our network engineer is opting for a complete HSRP Active/Active environment. According to all deployment documentation, HA Active/Passive seems to be the preferred methed for the Palo Alto's. I see that the PA's do support A/A HA using VRRP, so I do not see a configuratio...

Resolved! Need Upgrade Tips

I am planning to upgrade Panorama and my few HA clusters to version 9.0.6. Currently all these are on 9.0.3-h3.Need your experience on 9.0.6 if anyone is already running on it. Is there any unknown issue/bug observed on this version?I have completely aware of known issues but just wanted to check if anyone observed any bug on this version and cr...

johnde by L2 Linker
  • 5816 Views
  • 4 replies
  • 0 Likes

Resolved! SSL Inbound Decryption and Certificate with Wildcard mask

Hi Everyone, Hope everyone is staying home and Safe.I need to import the certificate and the private keys to the firewall from the web servers.We have this certificate say *.city.ca and this is associated with few websites like maps.city.ca. or recruiting.city.caAll these urls have same public IP address say 209.x.x.x When I import the certific...

MP18 by Cyber Elite
  • 3666 Views
  • 2 replies
  • 0 Likes

Question about Service Route Configuration

I just inherited a PA-820 and know nothing about this device. It's unable to connect to the cloud for updates. Currently it's service route is set as the default (Management Interface). I was told by support to switch it to an untrusted interface to resolve this. I can see how that is done via this article: https://knowledgebase.paloaltonetw...

Cmaddox by L0 Member
  • 4704 Views
  • 2 replies
  • 0 Likes

Cannot check for new Dynamic Updates

Hello, I have a PA-200, version 7.0.10 (I know, too old) I'm planning an upgrade to 8.1, but I understand that I have to download Dynamic Updates before upgrade, am I right? The issue is that I can't Check for Dynamic Updates, I've tried with Check Now, but nothing happened, neither with command request content upgrade check: Version Size Releas...

emendezo by L1 Bithead
  • 6145 Views
  • 6 replies
  • 0 Likes

Files' upload problems

Hi.I'm searching for someone can help me.My problem started when I tried to upload custom logo for the login page.The upload fails becouse the process blocks itself and never ends.I had the idea to try the "Import named configuration snapshot" function in the same web page of PA3260 administration site.Thinking it would be failed, I used the log...

Denied traffic even though GlobalProtect HIP check passes?

Hi all, I have a PA-3020 that is configured for GlobalProtect. All is good as far as being able to connect to the VPN, but once I am connected I find that I'm having issues connecting to servers that are permitted in security policy, but have the HIP Profile attached. If I remove the HIP profile the traffic flows as expected. The HIP profile is ...

PA 820 to PA VM migration

we have implemented PA 820 in one of our client places now we are facing issues in hardware. We need to migrate the entire configuration to the PA VM series firewall. Let us know the procedure to migrate the entire configuration from PA 820 to PA VM Series.

SBAINFO by L0 Member
  • 3238 Views
  • 2 replies
  • 0 Likes

Global Protect with SAML Azure Authentication and disconnect tab on client

We have configured the global protect 5.0.6 with SAML Authentication.It is same authen profile on both portal and gateway. I have unchecked the authentication override on both portal and gateway.Seems when i connect to the client and when i disconnect it does not send me push notification on phone?Is this the default behaviour? When i click on s...

MP18 by Cyber Elite
  • 5921 Views
  • 5 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels