General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

PXE boot

I'm trying to get pxe boot to work through the firewall. Now options 66 and 67 are available in palos dhcp server but I can't get it to work anyway.

 

Besdies normal dhcp options I've setup option 66 with IP and ip-address and option 67 with ASCII an

...

Meraki Implementation

Curious if anyone has Meraki and a PAN setup.  We are trying to to link our remote sites to the data center.  At the remotes the meraki is the router then in the data center we have the meraki behind the the PA.  We can establish a VPN tunnel and pin

...

bschaper by L2 Linker
  • 11359 Views
  • 10 replies
  • 0 Likes

Global Protect not connecting to gateway

I have a Pa220 and its using DHCP for untrust interface. I have followed about 40 documents and knowledgebases and still have no success with connecting my iphone to the palo via global protect. I am using self generated cert. I have collected the lo

...

Resolved! How to Stop DNS traffic logs going to Log collector

We have M500 and syslog server getting all the traffic logs.

What we want is do not send DNS logs to M500 only to Syslog server.

Need to know how can i config this ?

 

Currently we have single log forwarding profile.

 

 

MP18 by Cyber Elite
  • 5274 Views
  • 3 replies
  • 0 Likes

Resolved! Is there a way to force Applications Seen to Update?

I'm running PanOS 9.0.3-h3 and I'm creating some new Security Policies.

I like that I can see what applications are getting hit in the rule. 

My only problem is that while I'm testing, I seem to have to wait overnight for the Applications Seen to get u

...

All traffic through LSVPN (or LSVPN route metric)

I want all satellites to route all traffic through VPN tunnel when it's available. In GP gateway if I leave Access Routes emtpy or if I publish 0.0.0.0/0 to the satellite I get the default route with metric 100 on the atellite. But that means the sta

...

santonic by L6 Presenter
  • 6833 Views
  • 6 replies
  • 0 Likes

Policy Optimizer Apps

Is it possible to add the apps seen by the policy optimizer to an application group already created? I feel like this should be easy, but I can't seem to be able to do it. It appears you can create new app groups but cant add to current? Am I missing

...

Resolved! HA2 connection with HSCI port and distance of 30 km

On PA 5520 with active passive mode is it possible to use HSCI port for HA2 connection if distance between active and passive PA is 30 km.

I read some QSFP+ transceiver support 40km with single mode?

 

Need to confirm here if this is possible ?

MP18 by Cyber Elite
  • 4541 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect setup frustration

Hello -

Originally, I was going to setup GP with RSA MFA using this document: "RSA SECURID® ACCESS Implementation Guide Palo Alto Networks Next Gen Firewall 8.0"

 

It is written by RSA and is woefully lacking in detail and after seven hours on the phone

...

Shawverr by L3 Networker
  • 11068 Views
  • 23 replies
  • 0 Likes

Resolved! multi vsys security policy with ANY zone

I am testing multi vsys configurations in my lab and noticed that I am unable to use a source/destination zone of "any" in the device group security policy associated with vsys2.  The default vsys1 accepts "any" zone.  When I attempt to commit/valida

...

Resolved! SQL Cluster Through PA Firewall

We have Palo Alto firewalls with version 8.0 and need to allow SQL Cluster synchronization from one zone to another. The servers are Windows 2016 with MS SQL 2016. I'm not a SQL expert but tasked with a firewall rule between these clusters. I appreci

...

  • 24008 Posts
  • 102 Subscriptions
This widget could not be displayed.
Top Liked Authors
Labels