General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Is it safe to allow SSH from internet to DMZ?

We have a server in our DMZ that is allowing from the internet the SSH application via our Palo Alto firewall. The server in the DMZ is very well locked down and the application on the server that facilitates the SSH session is a highly rated 3rd party application that allows vendors to connect to servers in your network. I've read and heard how...

roma by L2 Linker
  • 8573 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect and DUO SAML causing multiple login windows

I am having an issue where, when trying to build out DUO SAML 2FA for GlobalProtect, I get multiple login prompt windows for DUO, and none ever authenticate through and allow me to connect. I've gone through the youtube video from DUO on how to set it up, but it still always continues to send multiple DUO saml prompts and I cannot connect. Has a...

PA 7xxx Hardware specs

Good Day, The PA-7000 datasheet states that we could have a total of 17000 security zones and a PA-7000-20GQXM-NPC can have 4000 security zones per card. If we install a total of 6 PA-7000-20GQXM-NPC into a PA7050 chassis would we be able to have 24000 security zones or only 17000 as advertised in the datasheet? If we cannot then please can you ...

Lance by L2 Linker
  • 2520 Views
  • 1 replies
  • 0 Likes

Change hostname panorama

Hello ; One of our customer is having a requirement to change the host name of Panorama ( Standalone) The firewalls are integrated using the IP address of Panorama . Will there be any impact or what are the steps to be performed to change the hostname of Panorama?

PA Migration

Hi ; One of our customer is Migrating all the vlans which are currently on PA 3020 ( Acting as L3) to another firewall in their DC PA 3060 .There are around 15 vlans which are directly connected networks on PA 3020 . So we will be extending those vlans to DC and make the subinterfaces on DC PA 3060 / Shut down the subinterfaces on PA 3020 and m...

Video conf webex

Hello , we have got one issue . While we dial from webex internal to outside webex number : sometimes the webex connection created ; sometimes black screen and sometimes no connection created. Got below error on webex The far end system does not support the requested channel type . The security policy is 10.1.1.1 to any any port The NAT is H...

FTP and rtp-base session end reason resources-unavailable after upgrade PANOS from 8.1.7 to 9.0.5

Hi, We have recently upgraded our 5250 from PANOS 8.1.7 to 9.0.5. And FTP started to have slowed down. After checking traffic log, there were some FTP session ends with resources-unavailable. It's about every 10 sessions will have one with resources-unavailable. Also, there were some rtp-base sessions have the same session end reason. It's impac...

Champion by L0 Member
  • 3201 Views
  • 1 replies
  • 0 Likes

Resolved! PA820 high availability configuration

Hello, I'm needing some clarification on one aspect of deploying a 2nd redundant PA820 in high availability mode. I currently have my 2nd 820 deployed with the management interface configured. My first question is. When setting up my 2nd PA i discovered that I only have 10gb sfp's for interfaces that I'm matching on my current PA. The quest...

danoman2 by L3 Networker
  • 3532 Views
  • 2 replies
  • 0 Likes

Resolved! PAN-OS version upgrade all interfaces are showing Down.

I went to upgrade my PAN-OS from 8.0.6 to 8.1.12. When i Install base version (8.1.0) so all interfaces are show gray. After that i downgrade my PAN-OS to same version but still same. I use to "show jobs processed'' so autocommit fail. please let me know what can i do. 2020-02-13 22:56:34 22:56:34 12 Exec ACT PEND 10%2020-02-13 22:54:49 22:54...

Resolved! Trial URL Filtering License Reset?

Hi community, I have a customer who's previous manager trialed the free 30-day URL Filtering license back in 2017 on their current devices. However, a new manager has joined and they wish to retrial.... is this possible? Can the trial auth code be reset or something? Customer doesn't to purchase HA URL Filtering licenses until they can thoroughl...

PA syslog app id - problems

Hi so 5220 - 9.0.5 I have a syslog client and syslog server.the path goes through my PA.I have a rule basically says any internal ip is allowed to the syslog server if the app it syslog that doesn't work, the packets are too short for the PA to distinguish them .. sigh so add in unknown - udp . now they go through. next problem tcp syslog on po...

Resolved! Cortex data Lake deactivation

Hello guys, I had done POC of Cortex Data lake on my gateway. And it was successful. Now i've disabled sending logs on cloud, also my eval license is also expired. But as per traffic logs seen on my gateway, i can still see logs getting forwarded to cloud from my gateway's mgmt interface. Is there anything that i am missing to disable same ? P...

  • 24401 Posts
  • 123 Subscriptions
Top Solution Authors
Labels