General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Discussions

Join Us for a Tech Deep Dive Miniseries!

 

Stop Zero-Day Threats in Zero Time with Nebula PAN-OS 10.2.

 

Join us live for an in-depth look at the latest advancements in cybersecurity, best practices, tips and tricks, demos and
more to protect your business and defend against threats in real

...

nebula-on-demand-tech-deep-dive-miniseries-live-community-banner-2600x600.jpg
jforsythe by Community Team Member
  • 471 Views
  • 3 replies
  • 1 Likes

inbound ssl decryption - multi cert to single ip

Hoping to get a little feed back regarding inbound ssl decryption.

 

We have beeing doing inbound ssl decryption to our public presense on version 8.0.7.

 

Things have been going realitivley well but I am running into some issues and not sure if I can fi

...

clewis1 by L2 Linker
  • 1743 Views
  • 4 replies
  • 0 Likes

Resolved! user-ID cache timeout vs idle timeout on firewall

Hi 

 

1- On firewall, what is the different between cache timeout value (1 hour that cannot be configure) and idle timeout value (which is equal to user-ID agent timeout value)? 

3- if idle timeout value is 480 minutes (8 hours) then what will happen to

...

AD Integration not working after upgrade to 8.1

I recently updated to 8.1 from 8.0.8 on one of my PA-220s. My UserID isn't working any more. I can't login with AD creds either. When I go to the User Identification area the Server Monitoring says "Not connected" This is my secondary device in my HA

...

Resolved! Designing Networks with Palo Alto Networks Firewalls

Hi All technical people ,

 

I have a simple query . I want to use PA firewall in HA and with a single ISP . In this case , as obvious, I need to use a switch in between my firewall and ISP and my understanding is clear upto this point but the real prob

...

IPsec Tunnel

This might be a dumb question but I am going to ask it anyway, otherwise I may never know.  I want to replace an ASA 5510 firewall IPsec VPN into a PCI network using Palo alto. What is the best way to approach that? 

jdprovine by L4 Transporter
  • 1281 Views
  • 10 replies
  • 0 Likes

Resolved! Configuring DNS proxy - interface is invalid

I have network sub interface with DHCP enabled, I'm trying to attach DNS proxy to it because I need to resolve a name which is not resolved by the DNS server we are using (say 8.8.8.8) but I'm getting erros:

 

  • Details:
  • Validation Error:
  • network -> dn
...

ibge by L1 Bithead
  • 1141 Views
  • 1 replies
  • 0 Likes

Palo Alto VM 8.0.0 using KVM - 'net_ratelimit callback'

Hello,

 

We are running a PA VM 8.0.0 in a KVM environment and continuously getting this message in Palo Alto console after the VM is up:

 

net_ratelimit xx callback suppression message

It appears it be something to do with the PA VM syslog logging. 

 

Is t

...

Resolved! Disabling GP client but where are the logs kept?

Does anyone know if anything is logged on the firewall side when someone disables the GP client? We require a password to be entered when the client is disabled but I am not finding anything in the system logs that can be related to the event. 

 

Obvio

...

hshawn by L4 Transporter
  • 682 Views
  • 3 replies
  • 0 Likes

Commit with warning

Hi,

when I attempt to apply a commit I receive this warning:

The following component(s) are mismatched with the peer device:
Application Content
Threat Content

 

Why this? If I apply the commit what is the result? Do I have to worry?

I have 7.0.9 version.

 

s_quasar by L3 Networker
  • 1004 Views
  • 6 replies
  • 0 Likes

Log collector Preference List empty on firewall

We have pushed the config from Panorama to firewall to foward logs to log collector. But when we check the status on firewal, it show preference-list as empty. I need help to troubleshoot the issue. We tried to remove the firewall and log collector f

...

Resolved! connect-server-monitor-failure

Hello,

 

We have been experiencing User-ID server monitor connection timeouts to one of our Windows 2008 R2 Domain controllers. The VM domain controller seems fine with all other services (Non Palo).

 
User-ID Agent 8.0.507 installed on the domain contro
...

pic.jpg
Farzana by L4 Transporter
  • 9934 Views
  • 3 replies
  • 0 Likes

Kerberos SSO

Hi community,

I'm trying to setup kerberos sso for captive portal authentication and all my attempts are unsuccessfull. I always redirected to the captive portal web-page. So sso is not working.

 All configs was done step-by step by the guide.

Kerberos

...

Kerberos Server Profile.png
Authentication Profile.png
Captive Portal.png
Authentication policy.png

VM-Series on Azure and SMTP

Hello,

with VM-Series on Microsoft Azure I can not use smtp port 25 for email server profile.

It's possibile to use different port (587 for example) ?

 

I try in the field "Email Gateway" to use ip:port .... but not seem's to work ...

 

 

Thanks

Manuel

Is it possible?

Is it possible that the traffic which fall under the rule interzone-default get action ALLOW ?

How it is possible?

Screenshot_1.png
policies-security.jpg
Radmin_85 by L4 Transporter
  • 454 Views
  • 2 replies
  • 0 Likes
Top Liked Authors