General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Configure WebGUI certificate from CLI (PanOS 9.0)

Dear all,lost access to the WebGUI.opaque: websrvr: Exited 4 times, waiting 1770 seconds to retry Before that I received another email from the firewall:opaque: Shared certificate xxx and corresponding key have expired.(OK, I know, my fault) So I suspect that this is the reason for the web server failing. All instructions I found so far talk abo...

high MP CPU load due to appweb3 process

PA-5020, sitting on 8.0.4.From time to time MP load increases rapadily due to appweb3 process going above 300%. Looking like this: There is no direct correlation found between the spikes and actions taken within the GUI. Spike may go on for a while - 20 minutes, 2 hours, 5 hours, etc. During that time GUI is still usable and everything is operat...

cpu-load.png
nikoo by L3 Networker
  • 9573 Views
  • 4 replies
  • 0 Likes

QOS Bandwidth Limitation Download & UPLOAD

I would like to understand bandwidth limitation steps on Internet download and upload Example - lets say i want to restrict steaming url category on download and upload 1. create QOS policy to map traffic going to inside to Internet youtube as Class 8 with DSCP marking2. Create QOS Profile with class 8 to egress max/guaranteed3. Apply QOS Inte...

kan0062 by L1 Bithead
  • 8429 Views
  • 1 replies
  • 0 Likes

Resolved! After Forward Trust certificate is renewed

After Forward Trust certificate is renewed is there a way to validate the renewed certificate is working correctly from either GUI or CLI?Device > Certificate Management > Certificates > Forward UNTrust Certificate

GP prompts for internal gw connectivity

Hi all, I've deployed a GlobalProtect installation solely for the purpose of User-ID. The GP agent connects to the internal portal/GW (one box) upon login with Kerberos SSO. However, when the internal gateway is not reachable (user has no network, user isn't on-prem), the GlobalProtect Agent notifies the user about this (no network / can't reach...

GP GW Prompt.png
Arne-VDH by L3 Networker
  • 10174 Views
  • 12 replies
  • 0 Likes

Resolved! API - Manage Users for VPN access

Hello Community, i'm currently planing a project which should be able to control the VPN user access via the API.It should be a simple tool where you just need to click a single button. The tool then activates or deactivates the user for that VPN via the API.How do i activate/deactivate local user on the PA with the API?I've already searched thr...

JustAGuy by L1 Bithead
  • 4728 Views
  • 3 replies
  • 0 Likes

Resolved! TCPDUMP execution

Hello, I have to do a TCPDUMP to test the communication of my Active Directory because a have a problem with the User-ID service. I have read the documentation and I don't understand when says that the TCPDUMP captures the traffic that traverses the MGT interface. So what happens with the traffic that traverses the data plane and not the manage...

iscott by L2 Linker
  • 3270 Views
  • 1 replies
  • 0 Likes

Resolved! Static Route Path Monitoring Clarification

Hi, Let's say a scenario where I have a default route configured to go out interface 2 with a Metric of 10 Then I have another static route to go out interface 3 with metric of 5. On this route I setup path monitoring to ping an ip address that is accessible to both interface 2 and interface 3. Does the static route path monitoring ensure that i...

Resolved! NCAA 2020 App-ID

Is there any timeframe for when the new NCAA app-id's released for March Madness? I found the 2017 app-is signatures, and a link for the 2018 signatures but was not able to access the files.

Global Protect Sign Out function

Running PanOS 8.1.1 & GlobalProtect Agent 5.1.0 & connect method Pre-logon (Always On) When connected and authenticated to my VPN from an external network - all is good. I can restart with a connection to my internal WiFi and my VPN connection shows Internal (because I have Internal Host Detection configured). If I then open the GP app...

Whys is Passive peer still passing traffic?

When I go to Monitor > Session Browser I still see active connections on the pasive peer. I verified it is truly the passive firewall and the other is active and that its supposed to be in Active/Passive mode in the HA configuration. Running the show session all command reveals the same thing. All time stamps are current.

Resolved! Problem Deploying new content version to log collectors

Last weekend, I worked with a client to upgrade their Panorama (HA) from 8.1.6 to 9.0.6. Everything went smoothly. This weekend the plan was to upgrade the log collectors ( 2 M200s) When installing 9.0.6 on the log collectors it complained that the log collectors needed to have a more current version of content then they currently had. Unfor...

Resolved! Panorama Integration with PA HA

Hi, I am new to Palo Alto and want to do Palo Alto integration with our Panorama. need some guidelines for the same. and do we need to break HA for this process? Let me know if any other inputs.

BK0007 by L2 Linker
  • 4890 Views
  • 4 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels