This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 435 Views
  • 0 replies
  • 2 Likes

IPSec VPN with cert authentication: RSA_verify failed

Hello community!

 

Created a VPN Palo Alto - Cisco Asa with certificates for Ikev2 gateway authentication.

 

Cannot establish the VPN. Did a debug and get the following error when the palo alto is trying to validate the ASA´s certificate

 

[PERR]: RSA_veri

...

Carracido by L3 Networker
  • 6348 Views
  • 3 replies
  • 0 Likes

session time-out need some understanding

We hare seeing some oracle session being aged-out. When i checked session info tim-out it says 120sec. But the application time-out itself is for 14400 sec . Where does this value of 120 sec come from.

 

 

Session 2071980 c2s flow: ...

raji_toor by L4 Transporter
  • 2121 Views
  • 1 replies
  • 0 Likes

mtr

 

Hi,

 

 

from the above output the second hope is the pa firewall , the loss is 98.2% , What does it mean ,
I dont have traffic shaping in firewall 
 
Thanks

Screen Shot 2019-09-12 at 10.17.31 PM.png
simsim by L4 Transporter
  • 3670 Views
  • 1 replies
  • 0 Likes

Resolved! PA-820 & LACP

Hi

Just wondering if anyone here has successfully gotten LACP to work on a PA-800 series FW (set to passive) and Cisco Switch (set as 'channel-group X mode active')?

No matter what I try (fast/slow/active/passive/1 eth/2 eth) I always get "LACP current

...

ShaiW by L4 Transporter
  • 6521 Views
  • 2 replies
  • 0 Likes

Resolved! Changing the /

We currently have one outside interface on the firewall and is connected to our Edge Router. The interface has the IP address of 10.10.10.10.5/24 (for example). This is the only port available for inbound and outbound data to the internet. We would l

...

Shawverr by L3 Networker
  • 3695 Views
  • 5 replies
  • 0 Likes

GP RDP and User-id

Hi

 

I recently upgrade to GP client 5.x.

 

now when i login into my laptop say 10.10.10.10 as alex.samad GP logs me in as well and the PA's know 10.10.10.10 as alex.samad

 

when i rdp to 20.20.20.20. and login as peter pan.. the PA assign peter pan to 10.

...

User-ID LDAP syntax in rule

In the group mapping UserID template, we use LDAP syntax (CN=...., OU=...), but in rules, I have always seen Source User expressed  in lanman syntax, Domain\User or ...\Group.  Is it possible to use the LDAP syntax in the rule as well, and is there a

...

BoDollis by L1 Bithead
  • 2888 Views
  • 2 replies
  • 0 Likes

Resolved! Need to understand session time-outs

We hare seeing some oracle session being aged-out. When i checked session info tim-out it says 120sec. But the application time-out itself is for 14400 sec . Where does this value of 120 sec come from.

 

 

Session 2071980 c2s flow: ...

raji_toor by L4 Transporter
  • 5160 Views
  • 3 replies
  • 0 Likes

Resolved! Firewall Policy Dump.

I have about 50 VSys and I need to pull all the firewall rules for a few different sources. Is there an easy way to pull a dump of these policies or do I have to manually go through the GUI for each VSys and filter for those sources?


Thanks.

ignore users for IP subnet

Hi,

 

with the risk that this was already discussed, I have a question regarding ignore users with User-ID.

 

I configured User-ID for our clients, also for the IT department.
In the IT, we also using admin accounts. So when I started a programm in admin

...

Resolved! Static Routes not updating Panorama to Firewalls

firewalls are not receiving the Static Routes added to Panorama.

Do these need to be entered manually in the Firewalls or how do we propagate these changes?

 

The Firewalls and Panorama are synched and other changes to Panorama are synched to the firewa

...

Upgrade Logs

I am trying to capture all the logs related to any upgrade and downgrade. I understand the firewalls download the firmware from  updates.paloaltonetworks.com. This then points to the nearest PA Server to download the code from the CND infrastructure.

...

mk245v by L1 Bithead
  • 4598 Views
  • 6 replies
  • 0 Likes

Resolved! Decrypt Mirror Port and Performance

Hi Everyone,

 

We already have ssl decryption enabled.

Now need to config decrypt mirror port.

 

Need to confirm when PA sends raw packets to server will it cause any performance issues on the PA?

 

Regards

Mike

MP18 by Cyber Elite
  • 3613 Views
  • 4 replies
  • 0 Likes
  • 23698 Posts
  • 110 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks