General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

VPN problem

Hii have a problem. i have configured vpn ikev2 ipsec. When test vpn with CLI command( test vpn ipsec tunnel [name]) vpn gets up. But when other side try to connect, vpn do not get up.Also when i check system logs this logs appears:'IKE phase-1 negotiation is failed. Couldn\'t find configuration for IKE phase-1 request for peer IP x.x.x.x[500].'

URAN_725 by L1 Bithead
  • 4639 Views
  • 3 replies
  • 0 Likes

PXE boot

I'm trying to get pxe boot to work through the firewall. Now options 66 and 67 are available in palos dhcp server but I can't get it to work anyway. Besdies normal dhcp options I've setup option 66 with IP and ip-address and option 67 with ASCII and \path\bootfile I have a sec pol with any any to the sccm server. All I can see is tftp traffi...

Meraki Implementation

Curious if anyone has Meraki and a PAN setup. We are trying to to link our remote sites to the data center. At the remotes the meraki is the router then in the data center we have the meraki behind the the PA. We can establish a VPN tunnel and ping internal devices, but it is really slow. For example logons to workstations take forever, and ...

Global Protect not connecting to gateway

I have a Pa220 and its using DHCP for untrust interface. I have followed about 40 documents and knowledgebases and still have no success with connecting my iphone to the palo via global protect. I am using self generated cert. I have collected the logs from the GP client but, I do not know what I am looking for to see what the issue is.

Resolved! How to Stop DNS traffic logs going to Log collector

We have M500 and syslog server getting all the traffic logs.What we want is do not send DNS logs to M500 only to Syslog server.Need to know how can i config this ? Currently we have single log forwarding profile.

MP18 by Cyber Elite
  • 7048 Views
  • 3 replies
  • 0 Likes

Resolved! Is there a way to force Applications Seen to Update?

I'm running PanOS 9.0.3-h3 and I'm creating some new Security Policies.I like that I can see what applications are getting hit in the rule. My only problem is that while I'm testing, I seem to have to wait overnight for the Applications Seen to get updated for new rules.Is there a way from the GUI or CLI to force the processing of the Apps seen?...

All traffic through LSVPN (or LSVPN route metric)

I want all satellites to route all traffic through VPN tunnel when it's available. In GP gateway if I leave Access Routes emtpy or if I publish 0.0.0.0/0 to the satellite I get the default route with metric 100 on the atellite. But that means the static default route entered on initial configuration of satellite will still remain the active rout...

santonic by L6 Presenter
  • 8467 Views
  • 6 replies
  • 0 Likes

Policy Optimizer Apps

Is it possible to add the apps seen by the policy optimizer to an application group already created? I feel like this should be easy, but I can't seem to be able to do it. It appears you can create new app groups but cant add to current? Am I missing something?

Resolved! HA2 connection with HSCI port and distance of 30 km

On PA 5520 with active passive mode is it possible to use HSCI port for HA2 connection if distance between active and passive PA is 30 km.I read some QSFP+ transceiver support 40km with single mode? Need to confirm here if this is possible ?

MP18 by Cyber Elite
  • 6022 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect setup frustration

Hello -Originally, I was going to setup GP with RSA MFA using this document: "RSA SECURID® ACCESS Implementation Guide Palo Alto Networks Next Gen Firewall 8.0" It is written by RSA and is woefully lacking in detail and after seven hours on the phone with Palo support I decided to abandon that idea for now. At this point I'd just like to get GP ...

Shawverr by L3 Networker
  • 17324 Views
  • 23 replies
  • 0 Likes

Resolved! multi vsys security policy with ANY zone

I am testing multi vsys configurations in my lab and noticed that I am unable to use a source/destination zone of "any" in the device group security policy associated with vsys2. The default vsys1 accepts "any" zone. When I attempt to commit/validate to the device i get a error like the following attached. It seems as I can only have defined ...

  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels