General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

2X of PA820 Active/ Passive Design question

Hi All After some advice, planning to have 2 X PA820 pairs of Active/ Passives, Inner and outer firewalls protecting some internal networks. See the diagram, Does the HA2 link pass data plane traffic at all? Or can it? There could be a scenario that one set of FW's can failover and the primary unit of one trying to speak to the standby unit of ...

Capture.JPG

Global Protect Policy enforcement

Hi All , I have an issue Is there a way to use Global Protect to enforce web or URL filtering policies when users are not on the corporate LAN ? for now, when users work remotely , they bypass all web and URL filtering and security policies and download whatever threats they want. Regards

Remove HA config from template of managed firewall pair

Hi,i have a pair of active-standby firewalls, managed by Panorama. My first attempt, when i imported those to panorama, i pushed one template to both firewalls and had issue with HA IPs, causing split brain.I recovered the firewalls and later imported and pushed templates from panorama, keeping separate ones for both active and standby Question ...

josggf by L2 Linker
  • 6153 Views
  • 3 replies
  • 0 Likes

Resolved! PAN-OS 9.0.6 API Curl JSON output

I'm working on a project to get information from the Palo Altos and use it for an input to a SIEM. I'm able to run the below and get XML output.curl -k 'https://<PAN>/api/?type=op&cmd=<show><system><info></info></system></show>&key=<KEY>'I would prefer getting this in json so I tried &...

jwhughes by L1 Bithead
  • 12422 Views
  • 10 replies
  • 0 Likes

Resolved! core file crash info

show system files show -rw-r--r-- 1 root root 653 Dec 2 18:54 all_pktproc_34_8.0.9_37.pcap-rw-rw-rw- 1 root root 30K Dec 2 18:55 all_pktproc_34_8.0.9_37.info how can i know why system crashed? will this crash any outage to MP or data plane?

MP18 by Cyber Elite
  • 16010 Views
  • 5 replies
  • 0 Likes

PAN config for ansible jinja

Hi, I am trying to create a configuration template which I can change certain variables and pushed the config to multiple firewalls.However PAN is not behaving the way I need. I have two problems which seems to be related to PAN's design.1) Even if you fetch the config in set mode and pasted in back in CLI due to strict reference check it fail...

IPSEC VPN Needs to be disconnected when there is no traffic

We have several IPSec tunnels that connect to 4G devices to provide network access in the event of a primary circuit outage. These tunnels do not disconnect after the primary circuit comes back up. Is there a way on the PAN side to disconnect an IPSec tunnel if there has been no traffic on it in a given amount of time?we are using IKE V1 and sta...

snimshad by L1 Bithead
  • 4856 Views
  • 3 replies
  • 0 Likes

What does your general day-to-day running of your PAN environments look like

Hi Gang,We have Palo Alto Panorama and Firewalls and yes all going smoothly, however, It is not the end once it is up and running. So I am keen to read on all what you do in the daily administration of your PAN environments. All I have really, in terms of daily administration is:I've got email alerts configured to say if HA kicks in, will look t...

Resolved! Query on PA acting as load balancer

We are using VM-100 and would like to use this as a load balancer for our Web services. We have checked the link below and would like to know if this EMCP load balance incoming traffic to Web servers? Or does this just load balance egress traffic between 2 different ISP’s? https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g00000...

Resolved! Differnece between Threat Prevention Licenses

Hello everyone, In our environment, we deploy both PA-220's and PA-220R's in the field. Sometimes they are deployed in HA pairs. I noticed that there's two different types of Threat Prevention license available. PA-220 (Non Redundant setup)Mfg. Part: PAN-PA-220-TP-3YR PA-220 (1 device in redundant pair)Mfg.Part: PAN-PA-220-TP-3YR-HA2 PA-220R (...

Resolved! GP client asks to downgrade

Hello, We have PAN OS 8.0.3 with the GP client version 4.0.2 deployed to our clients. This works fine. I've downloaded GP version 4.1.0 on my machine and when I connect it asks me to downgrade to an older version. We haven't uploaded any GP client to the PAN itself. We want to deploy the new version to the users but we don't want them to see thi...

1.png
Farzana by L4 Transporter
  • 19670 Views
  • 6 replies
  • 0 Likes
  • 24401 Posts
  • 123 Subscriptions
Top Solution Authors
Labels