General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Basic Routing on PA-220

I have a new PA-220 for a test lab, and this is my first time configuring any PA device from scratch, so I apologize in advance if I've missed something basic. I have set up the interfaces and I can ping out using the troubleshooting -> ping utility in the web UI, but ONLY if I specify the outside interface IP as the source during the test. ...

Resolved! traffic shaping/qos on palo alto

Hi,We have 400/400 up and down mbps connection, your ISP does not shape the traffic and have asked us to shape it.Applying qos on the outside interface both ways, how would we achieve it? if I only set the egress then i am only setting the speed for outbound traffic not inbound. Also if I do QOS rules is this going to also QOS the Palo Alto VPN ...

Load balancing on palo alto

Hi Guys,I am just wondering if the following scenario is possible Load balancing between the two client VPN Gateways so half the clients connect to one VPN server at site A, and the other half connect to Site B.Palo alto firewalls on both sides.

Minemeld - NGINX reverse proxy

Hi I am trying to setup a minemeld server (docker image https://hub.docker.com/r/jtschichold/minemeld/ ) behind a Nginx reverse proxy. This however is to be hosted on a subpath, however I cant seem to get the authentication to work (This all works correctly is i don't use a subpath). In other apps, I have the option to set teh app base path etc....

Resolved! Can you Exclude an address from your traffic search?

the following search string ( app eq dns ) and ( port.dst eq 53 ) and ( addr.dst in 8.8.8.8 )searches and displays all dns traffic using port 53 that has the destination ip of 8.8.8.8I would like to know if I can look at all dns traffic traveling on port 53 except the traffic going to 8.8.8.8

Global Protect on Mobile Devices : Certificate based Authentication - Managed by Intune

Hey Team, I am trying to setup GlobalProtect VPN on mobile devices (both IOS and Android). The requirement is to use client certificate authentication for the connectivity.The client Certificate are deployed to mobile devices via Microsoft Intune, While testing, I noticed if I connect to the portal address in the browser, the authentication is s...

Expedition migration tool steps

Hello all, I am planning to migrate our two checkpoint HA clusters (Active-Standby) with Palo Alto with the help of Migration tool. I never used migration tool ever. Can someone brief me steps to be followed for successful migration?

johnde by L2 Linker
  • 3740 Views
  • 1 replies
  • 0 Likes

Resolved! Configure WebGUI certificate from CLI (PanOS 9.0)

Dear all,lost access to the WebGUI.opaque: websrvr: Exited 4 times, waiting 1770 seconds to retry Before that I received another email from the firewall:opaque: Shared certificate xxx and corresponding key have expired.(OK, I know, my fault) So I suspect that this is the reason for the web server failing. All instructions I found so far talk abo...

high MP CPU load due to appweb3 process

PA-5020, sitting on 8.0.4.From time to time MP load increases rapadily due to appweb3 process going above 300%. Looking like this: There is no direct correlation found between the spikes and actions taken within the GUI. Spike may go on for a while - 20 minutes, 2 hours, 5 hours, etc. During that time GUI is still usable and everything is operat...

cpu-load.png
nikoo by L3 Networker
  • 9552 Views
  • 4 replies
  • 0 Likes

QOS Bandwidth Limitation Download & UPLOAD

I would like to understand bandwidth limitation steps on Internet download and upload Example - lets say i want to restrict steaming url category on download and upload 1. create QOS policy to map traffic going to inside to Internet youtube as Class 8 with DSCP marking2. Create QOS Profile with class 8 to egress max/guaranteed3. Apply QOS Inte...

kan0062 by L1 Bithead
  • 8406 Views
  • 1 replies
  • 0 Likes

Resolved! After Forward Trust certificate is renewed

After Forward Trust certificate is renewed is there a way to validate the renewed certificate is working correctly from either GUI or CLI?Device > Certificate Management > Certificates > Forward UNTrust Certificate

GP prompts for internal gw connectivity

Hi all, I've deployed a GlobalProtect installation solely for the purpose of User-ID. The GP agent connects to the internal portal/GW (one box) upon login with Kerberos SSO. However, when the internal gateway is not reachable (user has no network, user isn't on-prem), the GlobalProtect Agent notifies the user about this (no network / can't reach...

GP GW Prompt.png
Arne-VDH by L3 Networker
  • 10132 Views
  • 12 replies
  • 0 Likes
  • 24390 Posts
  • 123 Subscriptions
Top Solution Authors
Labels