General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Anyone else notice these "Load Config Partial" syntax changes in PAN-OS 9.0?

Doing my first migration to PAN-OS 9.0. We've migrated the config using expedition, but when I try to use the load config partial commands I keep getting a "Invalid syntax." error Example on how it used to work- load config partial from MT-fixed.xml from-xpath /config/devices/entry/vsys/entry/tag to-xpath /config/devices/entry/vsys/entry/tag m...

VPN

Hi. who can help me this topic?Person A must configure vpn with person B. Person A must configure two vpn connection and all data flow to vpn 1 node but if vpn node1 goes down, aoutomatic all traffic must flow through with node 2.

URAN_725 by L1 Bithead
  • 2515 Views
  • 1 replies
  • 0 Likes

Free space in /dev/md2 partition

HelloWe have a Firewall PaloAlto with free space 509MB in partition /dev/md2, and 609MB in partition dev/md5, actually we need to upgrade the PanOS since 7.1.18 to 8.1.12, and there are 5 PANOS to upgrade, so the information is keep in /dev/md5 but before the installation We would like to know if the /dev/md2 root partition has little free space...

How to block Internet Explorer

I am trying to block Internet Explorer traffic going out to the internet from my internal users. I have decryption in place and followed this article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEdCAKI am seeing some websites being blocked but some of them are not despite decryption. Has anyone tried blocking IE?P...

Resolved! Block External Email

Hello -Basically I would like to start blocking external email access from the internal network such as Yahoo Mail. I don't want to block access to Yahoo itself, just inbound email from Yahoo and other sites like that. Is there any documentation on how to best accomplish this? Thanks in advance!

Resolved! Global Protect Certificate based authentication or Ldap Authentication

Planning to implement a certificate-based authentication method in Global protect VPN in some of the iPad. All other clients should be able to log in just using with LDAP(username/password). The customer doesn’t have GP Portal license. Can we achieve this on 8.1.x PAN-OS with two client authentication profile? Anyone did this one 8.1.X OS?

CyberEye by L3 Networker
  • 5609 Views
  • 4 replies
  • 0 Likes

Global Protect HIP check issues

Have had an open case with support since August 2019 with HIP checks setup for Global Protect. There are options to allow HIP checks for a large number of different AV vendors and their products. The issue we have come across is that we have defined specific AV vendors that can be used and all others are denied. The vendors we have allowed we...

mattwech by L0 Member
  • 4273 Views
  • 2 replies
  • 0 Likes

VPN between Palo Alto and Check Point firewall

Hello,I am trying to establish a successful VPN connection between my Palo Alto firewall and a Check Point firewall. The VPN tunnel on the Palo Alto side shows all green for phase 1 and 2, however on the Check Point side I keep getting a failure per the log "IKE failure no response from peer".In the "Monitor" > "System" log of the Palo Alto t...

HA clarification with a single ISP

Hi Gang, Excuse me for my ignorance. We had firewalls Palo literally thrown at us, and instantaneously put into production (not great!). I have a pair of Palo's in HA Active/Passive with preemptive enabled on active/primary. These are in turn, patched to an INET switch (internet handed off via a single ethernet patch cable to this switch). We ...

Bootstrap debugs / logs

Hi, I was wondering when I went through the bootstrap documentation, it mentions that it should display logs of the bootstrap even if successful but in either case, nothing appears on the console, not even a single word about bootstrap... where should this be displayed or how can i check these logs?

CLIq by L3 Networker
  • 6637 Views
  • 5 replies
  • 0 Likes

*Urgent* Global Protect Crypto

I have one more query, If I change week encryption to strong encryption in tunnel traffics like Global Protect, IP sec tunnels, will it get affect the clients ??Of course We have to check the peer side before we change the encryption methods & algorithms for IPsec tunnel but what about global protect ??If we change the GlobalProtect IPSec Cr...

IPSec tunnels - Active/Passive OR Active/Active

Hello Folks,I'm planning on getting two new Palo Alto firewalls for setting up IPSec tunnels. I think the first tunnel will be a primary tunnel and the second tunnel will be back up. I'm tempted to set up my new firewalls as active/passive HA, to make life easy. But to be sure, please could someone suggest what are the advantages of using active...

Jedi_D by L2 Linker
  • 10103 Views
  • 3 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels