General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Add config to cluster managed by panorama

Hi, we have to add SNMP profile traps config to cluster PA. This cluster is managed by panorama and have the most of the config done in panorama. So we are thinking to add this snmp traps new config directly in the FW, so it would any issue is we apply a commit in the fws for not using panorama? .we are afraid to overwrite panorama config

BigPalo by L4 Transporter
  • 2203 Views
  • 1 replies
  • 0 Likes

cli scripting mode without strict check

Hi, sometimes you have set cli config that you want to paste in CLI mode but in some occasions order of the commands is not correct. For example something like below. For the followingto work address object must be above the group otherwise you will get reference error. In Juniper you can just past them as CLI doesn't do the entire check during...

SSL Decryption

We are doing SSL decryption in another Vsys for the traffic published over the internet based on SSL. We need to know if the high utilization is due to that SSL decryption happening in another Vsys ? as we are planning to move this SSL decryption setup from palo alto to another firewall, will it help to reduce the overall utilization on firewall?

SSL VPN USERS LIMIT

Hi Team, May I know, what users limit in Palo Alto PA-220, Currently VPN connection is maximum 21 (from 10.0.0.100 – 10.0.0.120). But now, users request need more SSL VPN users. What need to do is buy a license or what.? Thanks

application override VS service

I have new application.I need to know what is the difference between application override policy and the security policy by using the service port number both are stateful inspection firewall at Layer-4? Service:Allows you to select a Layer 4 (TCP or UDP) port for the application. You can choose any, specify a port, or use application-default to...

Application Override Video & Voice

We have Palo Alto firewalls, version 8.1.x. We heavily use Webex (application and physical boards), Jabber, and MS Teams both in the Corporate office and by GlobalProtect VPN users. I'm considering using Application Override for many of these Voice and Video applications, especially I see a large amount of cisco-spark-audio-video App-ID traffic ...

How to physical link down when rollback

Hi, I am using the 5.x version of paloalto.HA is Actvie(FW1) - Passive(FW2) configuration and use link group.For example, failover occurs when the wan link goes down. (FW2 / Actvie)When the wan link is up rollback.(FW1/ Actvie) At that time, the entire physical link down fw2 was about 1 minute.I was using it this way.but I am working on changin...

Upgrade Palo Alto via Panorama

Hello, We have 100 Palo altos firewall that we would like to upgrade via Panorama to 9.0.7, I am trying to create a group based on the prisority of upgrade to push the device>deployment >software package. Is there a way from Panorama 9.0.7 to create a groups a populate the firewall we want to upgrade? instead of selecting each one individu...

Hani2903 by L0 Member
  • 2771 Views
  • 2 replies
  • 0 Likes

Paloalto home lab

Hi community,I want to create Palo alto home lab i have PA installed to VMware workstation on laptop. now I want to connect one interface of Palo alto to wifi and one interface to my local laptop on which Palo alto image is running so I can filter Traffic going towards internet.

Refund request for VM-Series Next-Generation Firewall Bundle 1 (sold by Palo Alto Networks Inc.)

I have used VM-Series Next-Generation Firewall Bundle 1 (sold by Palo Alto Networks Inc.) in AWS for learning purpose . But its charged me $320 that I can't afford. amount automatically deducted. I contacted with AWS and they waived off their billing part. But, they suggested to get in touch with Palo Alto so that PA can approve and send the for...

PMANDAL by L0 Member
  • 2606 Views
  • 2 replies
  • 0 Likes

Resolved! AAA Server Limit

Hi all, Do we have a similar limitation with Palo Alto Networks? If so, where can I find this information? Increased limits for AAA server groups and servers per group.9.13(1)You can configure more AAA server groups. In single context mode, you can configure 200 AAA server groups (the former limit was 100). In multiple context mode, you can conf...

Resolved! Using LDAP groups with GlobalProtect

What's the magic incantation needed to use LDAP groups in the GlobalProtect Portal user/group list? Instead of listing all umpteen dozen individual users. I have a working GP Portal and multiple Gateway setup, using LDAP for authentication. I have a working Group Mapping setup using groups from LDAP. I can use "show user group list" and see al...

fjwcash by L4 Transporter
  • 9186 Views
  • 4 replies
  • 0 Likes

Virtual wire with Vlan trunking and vlan mapping

Hi all, I currently have a palo alto that is connected to my switches.The palo alto is configured as a virtual wire, and the WAN side of the palo alto is connected to VLAN 10, the LAN side is connected to VLAN11This allows me to quickly move customers in that VLAN in front of or behind the firewall by just changing their access port on the switc...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels