General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2876 Views
  • 2 replies
  • 14 Likes

SMTP Inbound Decryption

I am trying to setup inbound decryption for SMTP (TLS) using the default Decryption Profile.

What destination IP address do I use in the Decryption Policy: public pre-NAT or private post-NAT?

 

Regards,

Han.

 

Han.Valk by L2 Linker
  • 2544 Views
  • 2 replies
  • 0 Likes

Interface shutting down

I have a VM-100 running 8.0.12.  I inherated this configuration from the previous network engineer.  I am quite new to PAN-OS and have found that an interface that faces the Internet is shutting down.  

I can cycle the port in the GUI, and able to pin

...

2 ISP, 1 production & 1 Guest

Question for the community.

I have a site with 2 ISP, 1 circuit is a crappy 10mb circuit I want to use for just guest wireless.

 

Is it possible to run 2 ISP on a PA220 and keep the NAT and security seperate? 

 

dualisp.png

HA2 goes down when Enabling Session Synchronization

Hello Palo Alto Community,

I'm deploying a HA Pair of Palo Alto VM Serie (hosted on my infrastructure) and I'm being blocked by a situation I don't understand.

  • HA1 is UP and the two member can see each other. I'm using the management interface as HA1 i
...

Resolved! OSPF in a Active/Passive Firewall setup

Hi,


I have a lab with a active/passive Palo Alto firewall setup. I have had a look at the Palo Guide for setting up OSPF at:

 

https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka10g000000D8HwAAK&field=Attachment_1__Body__s

 

From this

...

vvadia by L1 Bithead
  • 6558 Views
  • 2 replies
  • 0 Likes

URL Identification

Hi

 

i have a question about URL Identification.

 

i use url object in security policy and no use ssl decryption

 

if no SNI is present and there is no CN enrty,

 

how can identify URL?

 

thanks.

hbshin by L2 Linker
  • 4585 Views
  • 3 replies
  • 0 Likes

What is "cdt_token" process?

Hi there,

 

Quick question. I'm currently troubleshooting a PA 3020 in version 8.0.12 for one of my customer. Its PA has huge DP CPU usage (arround 80%). I try to figure out the reason of this usage.

I've isolated the "ctd_token" process which is a big

...

epavis by L1 Bithead
  • 5065 Views
  • 6 replies
  • 0 Likes

DNS license and PAN OS 9.0

 

During Ignite we were told that DNS is coming as license service in PAN OS9.0.

Need to know is this service different from dns sinkhole?

 

IF it is how it is ?

MP18 by Cyber Elite
  • 2519 Views
  • 3 replies
  • 0 Likes

Traffic dropped due to old discarded session

 

We have traffic rule to allow the traffic but seems traffic is dropped by the PA when i did pcap.

then from cli i did show session all filter source  there i see old session from april in discarded state.

i ran the command few times and this session w

...

MP18 by Cyber Elite
  • 2031 Views
  • 2 replies
  • 0 Likes

Panorama pulling in vmware objects

I'm just wondering if there is a way for panorama to talk to vmware to pull in the virtual systems and tags for quicker deployments much like it can do with AWS. I have been looking around but I haven't seen anything specific and help would be great.

murphyj by L2 Linker
  • 2003 Views
  • 1 replies
  • 0 Likes

deny telnet command but permit JDBC protocol

We have an internal discussion about whether it is possible to block the 3 way hanshake TCP but allow the JDBC application protocol.
In other words we would like to block the test of the port with the command "telent address port" but we would like th

...

cata86 by L0 Member
  • 3514 Views
  • 2 replies
  • 0 Likes

SSL Certificates from enterprise CA

I will admit, certificates are one of my bigest hates.. I just can't get on with them

 

Firstly we have a microsoft EnterPrise CA. Which I am not overly familiar with anyway ( But I have managed to get the web interface workig on it...)

 

Idealy what I w

...

  • 24014 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors