General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

VPN

Hi.How to configure VPN that if peer ip and proxy id(remote address) is same.When try connect address traffic don not flow over vpn. When i write route vpn gets down.

URAN_725 by L1 Bithead
  • 3218 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama -> User ID -> Group Mapping Settings with AD

Hi All We've got Panorama deployed successfully to manage our HA pair of 3020's, but I was wondering if somebody could point me in the direction of an article describing how the Active Directory Lookup works on Panorama for creating Group Mappings? When editing Group Mapping Settings directly the Firewall, it displays the AD structure which al...

what can be the reason for and ( description contains 'HA Group 1: Peer HA2-Backup keep-alive down'

We have PA5220 HA2 backup connection on copper port running via switch.today we got alerts on both active and passive firewalls. and ( description contains 'HA Group 1: Peer HA2-Backup keep-alive down' ) and ( description contains 'HA Group 1: Local HA2-Backup keep-alive down' ) i check the physical interface no errors.how can i know reason for ...

MP18 by Cyber Elite
  • 6073 Views
  • 4 replies
  • 0 Likes

DNS rewrite matching wrong NAT rule

Think this needs a case. Open to any suggested workarounds. Connecting two overlapping networks with NAT. (why? we have to)192.168.1.0 (zone1) -- PA -- (zone2) 192.168.1.0policy routing in place, come in zone1 interface go out zone2 and vice versaDoing network nats at a /24 in this example If I do two rules, natting the overlapping network...

Source and destination based on NAT using DHCP

Hi, I am setting up a PAN device. On ethernet1/1 I have it set up to DHCP. I then will have a computer connected to ethernet1/9. I want to set up both source and destination based NAT. From what I understand in order to do this I would need to create an object. Is there any way to set up an IP based object that will be whatever the IP is that an...

golariu by L1 Bithead
  • 2310 Views
  • 1 replies
  • 0 Likes

Resolved! Change physical port in Active PAssive PA going to ISP

PA is in Active Passive mode. Current uplink connection from active PA going to ISP is 1Gig.We need to change the uplink port on the active PA that can support 10gig. What is best method to do this without causing least amount of outage?

MP18 by Cyber Elite
  • 6496 Views
  • 12 replies
  • 0 Likes

Need to clear traffic or reset the tunnel to access

We had site to site vpn tunnels and traffic is always stuck and until unless we reset or clear the traffic the access is not working. Any one have experience . The VPN tunnel never go down only the traffic PA to Sonic wall any recommendation on how to troubleshoot this issue ?

NavidAlam by L3 Networker
  • 7654 Views
  • 4 replies
  • 0 Likes

Decryption Broker with Policy Based Forwarding

Hello, I'd like to know if it is possible to use decryption broker with policy based forwarding on the same interface of the policy based forwarding as the scenarios is as the following :We have a Bluecoat proxy connected to Palo Alto firewall using Policy Based Forwarding/Routing (PBR) so we want to know the possibility of making ssl decryption...

Palo Alto - GPVPN - IPSEC b2b

My current role is as a Network Architect and I am working with our security team to get some Palo Alto firewalls setup to provideGPVPN access and also IPSEC b2b connectivity. Our initial design has a single external public address to host the GPVPN traffic and the IPSEC b2b traffic and works ok. We are currently discussing the option of impleme...

mcronin by L0 Member
  • 5866 Views
  • 3 replies
  • 0 Likes

Limit Download per IP

In NG firewall, is there a way to limit the download per IP per day.For eg, One Ip should have only total 1GB download/upload usage a day.It's like somewhat ISP does.

unable to access internet from vlan

Hi,i am configuring PA-220 software version 8.0.9. i wan to create a vlan and allow them to access the inter net i have seen some video but i am unable to access the inter net i am even unable to ping my vlan gateway. is there any thing i can do ?

Screenshot (9).png

MineMeld into Proofpoint TRAP

I am trying to integrate MineMeld and Proofpoint TRAP. It should be relatively simple and feel I am overlooking something. The first step was easy. Create an output using stdlib.taxiiDataFeed. Because this is the community edition auth is turned off by default. (Leaving this off until things are working) In TRAP you have the following fields: UR...

Romans6 by L1 Bithead
  • 4028 Views
  • 1 replies
  • 0 Likes

Resolved! Threat Map Bubbles

Hi,When I view the threat map, It shows a large bubble in the middle of the atlantic ocean that is labelled "reserved" what is this?Any help is greatly appreciated.M

charger by L2 Linker
  • 4819 Views
  • 4 replies
  • 1 Likes

Kill Login Sessions

Hi,Is there a way I can kill or log out other administrators that is authenticated in Palo Alto Management? Hoping for your assistance.Thanks,Xer

  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels