General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

HA First time Configuration

Im installing a single Palo at present with the intent of adding a standby unit in the near future. My question is regarding the interface addresses on the standby unit.

 

What do i need to configure on the standby unit in regards to IP addressing apar

...

welly_59 by L3 Networker
  • 961 Views
  • 3 replies
  • 0 Likes

Resolved! How to generate GlobalProtect VPN Reports

Is there any way to provide reporting for GlobalProtect remote access VPN. Like for example I want a report of users who have connected in the past week, etc. How do i generate those reports?

VPN to Azure dropouts

I have searched high and low for this and found a few articles regarding IKE configuration and nothing seems to fix it.

 

PAN 3020 v7.0.5. IKE 2 VPN to Azure. The VPN works but around every 50 mintues the tunnel drops out for a few minutes then re-esta

...

dmann2 by L2 Linker
  • 11009 Views
  • 35 replies
  • 0 Likes

different content of backup files.

Hey!

I'm using curl and the xml api to automtically backup the config of my PA-3020:

https://live.paloaltonetworks.com/t5/Management-Articles/How-To-Backup-of-Config-Files-Periodically-without-Panorama/ta-p/77312

 

However, the content of that file looks

...

MPI-AE by L4 Transporter
  • 2127 Views
  • 6 replies
  • 0 Likes

GPCS and Minemeld

I wish there was a prototype in Minemeld to be able to track all GPCS endpoints via the API.

 

Currently you can only do it using this rather messy way :-

 

https://www.paloaltonetworks.com/documentation/10/cloud-services/globalprotect-cloud-service-

...

Resolved! Confidence level in logs

Hi, 

 

In minemeld logs from the nodes, taking AF-Ransomware node as an example,  I have 2 questions regarding the confidence, thanks!

 

1. does the confidence level come from the source feed?

2. can customers change this confidence level?

 

 

chtoh82 by L2 Linker
  • 3383 Views
  • 2 replies
  • 0 Likes

Resolved! Questioning about agentless user-id.

Hello!

I have questions about user-id functions.

1. How much user-id be supported by agent-less user-id? I guess that 64K user-id and 640 user-group would be supported on all of PAN model. right?

2. When using user-id collector, How much user-id and use

...

GP Always on VPN - Except if on internal LAN?

Is there a way to implement this? I have seen the internal host detection option but as far as I can see that is only to choose whether you connect to an internal or external gateway.

I want all remote site users to go through the Palo Alto, but I can...

welly_59 by L3 Networker
  • 1286 Views
  • 2 replies
  • 0 Likes

Sharefile custom URL site allow

We block access to sharefile.com as a whole.  But we do have a sharefile.com company site which we allow access to.  The problem that I am running into is this, when a user attempts to download a file from our sharefile site a random number will be g

...

Self-signed Root CA Certificate FQDN?

I’m planning a test deployment of a globalprotect vpn, so currently going through the guides to see what’s needed. Part of the requirements if not using a trusted CA is to generate a self-signed root CA.

What should the FQDN be on this cert? The deplo...

welly_59 by L3 Networker
  • 689 Views
  • 1 replies
  • 0 Likes

Resolved! Valid Object Name Requirements Documentation Wrong

When creating an Address Object (as well as other object types) the documentation for Palo Alto 8.1 says this, "The name is case-sensitive, must be unique, and can contain only letters, numbers, spaces, hyphens, and underscores."

 

The popup that appea

...

JasonKC by L1 Bithead
  • 1520 Views
  • 2 replies
  • 0 Likes

Confused about zones

I'm currently migrating from a pair of Cisco ASAs and the zones have me a little confused.

 

Right now I have interfaces on the ASAs of inside, wireless, outside, dmz-private-web, dmz-private-db, dmz-public-web, dmz-public-db, dmz-dev-web, dmz-dev-db.

 

...

HA sync times

Recently I have noticed that it is taking longer to commit and sync the changes from my active PA to my passive PA and the management plane ramps up to 38%. any suggestions

jdprovine by L4 Transporter
  • 1527 Views
  • 7 replies
  • 0 Likes
Top Liked Authors