General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! core file crash info

show system files show -rw-r--r-- 1 root root 653 Dec 2 18:54 all_pktproc_34_8.0.9_37.pcap-rw-rw-rw- 1 root root 30K Dec 2 18:55 all_pktproc_34_8.0.9_37.info how can i know why system crashed? will this crash any outage to MP or data plane?

MP18 by Cyber Elite
  • 15999 Views
  • 5 replies
  • 0 Likes

PAN config for ansible jinja

Hi, I am trying to create a configuration template which I can change certain variables and pushed the config to multiple firewalls.However PAN is not behaving the way I need. I have two problems which seems to be related to PAN's design.1) Even if you fetch the config in set mode and pasted in back in CLI due to strict reference check it fail...

IPSEC VPN Needs to be disconnected when there is no traffic

We have several IPSec tunnels that connect to 4G devices to provide network access in the event of a primary circuit outage. These tunnels do not disconnect after the primary circuit comes back up. Is there a way on the PAN side to disconnect an IPSec tunnel if there has been no traffic on it in a given amount of time?we are using IKE V1 and sta...

snimshad by L1 Bithead
  • 4854 Views
  • 3 replies
  • 0 Likes

What does your general day-to-day running of your PAN environments look like

Hi Gang,We have Palo Alto Panorama and Firewalls and yes all going smoothly, however, It is not the end once it is up and running. So I am keen to read on all what you do in the daily administration of your PAN environments. All I have really, in terms of daily administration is:I've got email alerts configured to say if HA kicks in, will look t...

Resolved! Query on PA acting as load balancer

We are using VM-100 and would like to use this as a load balancer for our Web services. We have checked the link below and would like to know if this EMCP load balance incoming traffic to Web servers? Or does this just load balance egress traffic between 2 different ISP’s? https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g00000...

Resolved! Differnece between Threat Prevention Licenses

Hello everyone, In our environment, we deploy both PA-220's and PA-220R's in the field. Sometimes they are deployed in HA pairs. I noticed that there's two different types of Threat Prevention license available. PA-220 (Non Redundant setup)Mfg. Part: PAN-PA-220-TP-3YR PA-220 (1 device in redundant pair)Mfg.Part: PAN-PA-220-TP-3YR-HA2 PA-220R (...

Resolved! GP client asks to downgrade

Hello, We have PAN OS 8.0.3 with the GP client version 4.0.2 deployed to our clients. This works fine. I've downloaded GP version 4.1.0 on my machine and when I connect it asks me to downgrade to an older version. We haven't uploaded any GP client to the PAN itself. We want to deploy the new version to the users but we don't want them to see thi...

1.png
Farzana by L4 Transporter
  • 19659 Views
  • 6 replies
  • 0 Likes

Resolved! Panorama Logging Behind

Hi all, The issue that I am having is that all my firewall logs in Panorama are behind in time. I have tried multiple KB articles and support basically went through all the KB articles I found such as restarting the management service, stopping and starting the logging service, and even rebooted our Panorama. After rebooting our Panorama I sta...

How to drop or reject an OSPF route in PA 3000 series if it receives a route from another vendor FW

In the data center end, the Cisco ASA firewall is advertising the OSPF route and at the perimeter end Palo alto receives the route, and PA will be forward that route toward Internet communication. Expectation, if any, specific route received by Palo alto, it should be rejected or drop on Palo alto itself. Should not forward to any next hop. How ...

Resolved! Logging Discarded Traffic

Hello,I had recently had an issue where I had to move a syslog server behind a cluster of PA-5250.This syslog server receives logs from different equipements (~ 100GBytes per day) so there is an enormous amount of udp syslog events received by this server.When the server was behind this cluster, I was not receiving any logs. After some troublesh...

Nico-UBX by L0 Member
  • 3974 Views
  • 2 replies
  • 0 Likes

Resolved! How to see all the set commands for an IPsec tunnel?

I need to get the display set of all the commands for an IPsec tunnel, like I'd do with a Juniper SRX, but get no return whenever I try to see the commands set for the tunnel. Seems like the tunnel hasn't even been configured, but it shows under ike sa and ipsec sa. I'm sure that's because I'm new to PA. I just need to duplicate a tunnel and eve...

Raydar by L0 Member
  • 5609 Views
  • 1 replies
  • 0 Likes

WebEx prototype

I'm trying to create a custom prototype to get the CIDRs from https://help.webex.com/en-us/WBX000028782/Network-Requirements-for-Webex-Teams-Services#Spark%20IP%20subnets%20for%20media/ I used the examples in https://live.paloaltonetworks.com/t5/MineMeld-Articles/MineMeld-to-Extract-Indicators-From-generic-API/ta-p/218757 and I'm using the ...

alterioc by L2 Linker
  • 3453 Views
  • 1 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels