General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

PA850 10gb sfp+

HiAfter connecting sfp+ 10gb - we are seeing high latency and high Packet Descriptors (almost 100)any ideas?We are using brand new Dell certified DAC cables:DLCAB-SFP+10Gb

chens by L3 Networker
  • 2515 Views
  • 1 replies
  • 0 Likes

Configuration settings for Syslog forwarding in Palo Alto UTM

Hi Team, We have integrated Palo Alto UTM v8.1 with LogRhythm. We have enabled syslog on UTM and we are receiving logs on LogRhythm. The issue is not all the fields are getting captured in the logs (we verified this in raw logs received at LogRhythm). Please find the below details which aren't captured. Threat Logs: -Threat ID not capture...

User Activity report not showing full activity

Hi Team, User Activity report only shows detailed web browsing activity for few days (3-4) when report is generated for longer time frame e.g 7 days or 30 days or custom time frame. root partition is at 87% and /opt/panlogs at 71%. Any suggestions how to correct this behavior? Best Regards,

User-ID using internal global protect and Azure Active Directory

Hi all, I've setup SAML SSO based authentication to global protect with Azure Active Directory. I'm wondering if i can take this a step further by using internal global protect gateways and using global protect for USER-ID? If i did this, how would i go about setting up user based policies on the palo? effectively allowing me to allow/deny traf...

TomDow by L0 Member
  • 7421 Views
  • 3 replies
  • 0 Likes

Resolved! Changing master key on Log Collector within the same Panorama

Scenario:Panorama (in Panorama mode) with single local Log CollectorA/A cluster of firewalls managed by this Panorama We managed to change the master key on Panorama and both firewalls. But trying to change the master key of the single local Log Collector on this same Panorama fails with "Failed to schedule deploy masterkey job". Is it even necc...

santonic by L6 Presenter
  • 6479 Views
  • 3 replies
  • 0 Likes

Active / Active NAT question

Hi To all the A/A users. How have you / Or can you setup SNAT so that all traffic is SNAT'ed to 1 ip . very basic example Eth1 - connect to 1.2.3.0/24 - interface address is 1.2.3.2/24 & 1.2.3.3/24 (A/A) 1.2.3.1 arp load balancedeth2 - connecs to 10.10.10.0/24 interface addrss is 10.10.10.2/24 & 10.10.10.3/24 ( A/A) 10.10.10.1 arp load...

Resolved! CLI command for Palo Alto to set a DHCP Reservation for the management port? Anyone?

Anyone know the command for this? Also we made the mistake of setting our Palo Alto to an IP address that is already taken so when we tried to access the GUI via the web we realized the mistake..... So how do we change the IP address to something else? Do we need to reset our Palo Alto? Or is there a PuTTY CLI command that we can easily change t...

stoyota by L1 Bithead
  • 18781 Views
  • 10 replies
  • 0 Likes

i don't connect to vpn PANGP

::edited by @reaper :: I don't connect to vpn MY LOG (T7692) 10/01/19 16:24:03:969 Debug(4273): DLSA, encounter an route defined in config, do not remove it(T7692) 10/01/19 16:24:03:969 Debug(4263): DLSA, check our route (des=10.1.77.82, mask=255.255.255.255)(T7692) 10/01/19 16:24:03:969 Debug(4273): DLSA, encounter an route defined in c...

Panorama VM OS Disk size modified

Today whilst we were investigating the process of upgrading the disk size for our Panorama Legacy Mode VM we have accidentally re-configured the disk size from 81gb (as per the template import original size) to 150gb. This was of course different to the process as outlined by Palo Alto documentation. Within VMWARE VCSA we are unable to change th...

Question about VMI and error found

Hi everybody! I have a question about this mistake obtained in a PA, I have 1 device 850 but i tried to implement a user-mapping.But the issue is the PA lose connection of my servers (I have 5 servers LDAP) Lose connection random of my servers, I have tried to follow the next Kbs but i still have the issue https://knowledgebase.paloaltonetworks....

Resolved! Minemeld - excluding entries from URL list

Hello, I have setup IPv4 and URL lists for O365 using minemeld for whitelisting. I have noticed that the office365.onenote prototype in minemeld includes www.youtube.com in the url list. How would I go about removing that entry and a few others from the generated list? Thanks,Dan.

Does Palo alto on L2 deployments forward BPDU On RSTP?

I have a PA-850 deployed as layer 2, on this palo i have 3 switches connected trunking 4 same vlans( 30,31,50,51) for each port to the switch, switches are from different vendors so I using 802.1w, RSTP as loop prevention, I know that on PSVT+ of cisco palo alto forwards the BPDU, but using RSTP Im seeing on each switch that is not receiving...

Eddgar0 by L0 Member
  • 4917 Views
  • 1 replies
  • 0 Likes

DHCP Issue

We have 2 VLANS that terminate on a PA-3020 firewall. One VLAN (100) uses DHCP relay and works without any issues. The DHCP relay exists on the firewall for VLAN 100, but this relays to an internal DHCP server on our network. The other VLAN (200) uses the PA-3020 as a DHCP server, but this is not working. The DHCP server for VLAN 200 is hosted...

  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels