General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 43 replies

Link Failure - Syslog

Hey all! I have a PA-3020, eth1/1 and eth1/2 are an aggregate (ae1). on the switch, it's a Port-channel. I want to be informed when one of both interfaces is down. So I set up a syslog server and all system logs are forwarded. For testing purposes, I...

MPI-AE by L4 Transporter
  • 1 replies

How to combat VPN’s that use spoofed SNI?

Hi all, My environment has a large fleet of iPads in an educational institution. We have restricted internet (no social media and so on) so the students spend time finding ways around it. We thought that bringing the PA unit in and enabling decryptio...

stuart.l by L2 Linker
  • 1 replies

Resolved! arp issue with PA Active/Active

Hi 2 PA-3060's, setup in Active / activeI have a vlan 213 with assigned to itI have .2 and .3 assigned to the PA's and .1 assigned as a HA Virtual ip . I also have 3 virtual machines, app1 app2 app3. app1 and app3 can arp

Suspicious Packet with MAC address all zeros

Hi All, I monitor networks for my client, recently I discovered some suspicious outbound traffic from internal to a known malicious host, although the packet was dropped on the PA. the logs I have showing that the packet's source IP as the internet's...

sum0831 by L1 Bithead
  • 3 replies

Resolved! Blocking All Internet Traffic from certain PCs

I have several older machines (XP) that are used for special purposes that cannot be be upgraded. Even the hardware cannot be upgraded or replaced (running on old dell dimenion desktops). These machines do not need access to the internet but they are...

jharlow by L3 Networker
  • 13 replies

Setting Up MS DirectAccess

Trying to configure DireectAccess (Windows Server) to work but I believe it is failing due to the Palo Alto. I created a custom application and application override for the ports needed but still failing. Per a Microsoft Document, "the firewall has t...

jharlow by L3 Networker
  • 3 replies

Resolved! Seperate Internet Connections

HiFirst time here, so after some advice.We have a Palo Alto 3020 providing internet access and DMZ, all is running fine.I have to order another internet circuit, which is the best way to connect / configure this? 1. Create an LACP port channel on the...

Resolved! Subordinate CA creation for SSL Decryption

Hello, I am attempting to set up SSL Decryption on a new firewall and trying to create a Subordinate CA with our internal Microsoft Certificate Services. I am in the process of generating the CSR on the PA, but I am a little confused on what the Comm...

Virtual Wire + vPC

I’m considering the following ( Active / Passive Virtual Wire + vPC ) configuration in my primary Datacetner. I really don’t want to lose the current vPC redundancy that I have in place today. Today I can cut, unplug, power off, kick, shutdown, and I...

thaubein by L0 Member
  • 3 replies

Setting up Policy to allow all access to a squid proxy

Hi Still a beginer with the PA. I have a universal rule that allows from any zone my internal ip address to ip address group that has by proxy addresses in it. For applicaiton I have http-proxy - this covers a lot of portsdefault urls from my test bo...

Double NAT

Hi!we have a couple of customer who use paloalto firewalls. We have always problem to connect two accesses through NAT via paloalto. We usually use cisco meraki and the communicate on the higher port numbers. It always work when we have one site that...

majo44 by L0 Member
  • 1 replies


Who can provide me with a from scratch python script to create a new firewall rule? Im not looking to use pandevice or any of Palo Alto modules on github (my compnay will not allow us it import and use it.) Looking of a script that doesn't use pandev...

PA-500 SSL decryption decrypt-error session end

I apologize of this is a dumb question as I know that some sites will have decyrption issues, but is it normal to have a lot of traffic log entries with decrypt-error as the session end reason? None of our users are complaining that they can't get to...

gwosad by L0 Member
  • 4 replies
Top Liked Authors