General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Palo Alto VM, Layer 2 bridge (transparent), 802.11q sub interface mac flapping on cisco switch

Hello everyone,I have an existing palo alto PA-3550 which we are migrating over to vmware, virtualized version (VM-300), onsite, no cloud. On the appliance we have two sets of layer 2 interfaces bridged together. One set is basically a transparent firewall, the other is just marking qos traffic. Since this device has 20 or so 1 gb ports, each...

Software packet buffer depletion

I am working with a client who is experiencing very high CPU utilization on the data plane and his packet buffers do not release. He is running 8.1.7 in a lab setting with no traffic being generated to the firewall. He has VM is setup with 6.5GB ram and 2 cores, 1 for management and 1 for data plane, and 60GB hard drive with VM-100 license. ...

SSL decryption in forwarding proxy and a Web proxy after paloalto firewall

Hi all,i have a PA firewall used for internet navigation and a transparent proxy for Web navigation.I have enabled ssl decryption for a specific URL category that i have set in url profile in block-continue.If i set my PDL browser with the proxy i didn't recive the response page and the connection goes in timeout. If i remove proxy from pdl it w...

Does PAN-DB categorization apply to subdomains?

If I register a domain in PAN-DB for categorization (https://urlfiltering.paloaltonetworks.com/), do all subdomains automatically fall under the parent category? For example, if I register "mywebsite.net" for categorization, will the assigned category apply to "info.mywebsite.net" as well? Thanks! Allen

Next Gen Firewall Public Wifi Browser Warning Issue

We have a policy for public wifi subnet set toACTION to NO DECRYPT,Set TYPE=ssl-forward-proxy, DECRYPTION PROFILE = NONE When any public device (i.e laptop) try to open a HTTPS website that prohibited by our organization URL policy.For example HTTPS’s porn sites. The browser will come up with the Warning pageFirst page, IE = Website’s security c...

Resolved! User-ID Agents

Hi All, I am migrating Palo Altos to a new Palo Alto. I have a question raised by the end customer. They user User-ID agents currently on their servers. Can they use the same Agents on the new Palo Alto - off the top of my head I am not sure? Given that the new install is a later version of PAN-OS, on a VSYS, new IP ranges internally (and althou...

a.jones by L3 Networker
  • 2713 Views
  • 1 replies
  • 0 Likes

Import/export device state

Upgrading a firewall from a single fw to an HA pair. My plan is to do a device export of the current active firewall then import that device state to the two new firewalls then setup HA. Some of the config pieces are from PANORAMA. Any issues with importing the device state if the fw is not managed by PANORAMA? Or can I add it later? Thanks!

NAT configuration for interface Tunnel

Hi All, I'm in the middle of migrating a series of PAs from one customer to another. The newer system is on version 8.1.10, the other is on 8.0.14. I have configured the VPNs each with a seperate tunnel, pretty standard stuff. I am creating some specific NAT rules for a couple of the tunnels and hit a brick wall... the tunnels have a local IP an...

a.jones by L3 Networker
  • 9603 Views
  • 3 replies
  • 0 Likes

Halloween Reaper challenge time!

#spooktober is in full swing so it's time to have a little fun. Like every year i have a little challenge for you, to see who can up with the most original, creative or just fun entry This year we're doing picture captions, aka. memes! All participants get eternal glory, an seat in the hall of fame and my gratitude for not letting me do this...

reaper by Cyber Elite
  • 2791 Views
  • 1 replies
  • 2 Likes

Alert if same traffic log entry is repeated N times..

We have had an instance of a third party having an issue with their system that generated repeated traffic over and over 17K 5 times a second, constantly. I can match the traffic in the log fairly easily. How can I set up an alert for that to go to our application owner? I can't figure out a way to do it other than a daily scheduled report whi...

PAN-OS 9.0 Released - Stop and Think

Today Palo Alto Network officially released PAN-OS 9.0 to the general public. Some of you may have read posts recently regarding features that have leaked out from the beta, and if you have any questions those of us that have been participating with the beta are now actually able to give you direct answers. Like any major release the next few we...

BPry by Cyber Elite
  • 23644 Views
  • 30 replies
  • 7 Likes
  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels