General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

firebase-cloud-messaging app-id additional ports may be required

Hey there, Here's something that was brought up by one of our teams. According to this kb article cloud messaging also needs these ports.https://firebase.google.com/docs/cloud-messaging/concept-options#ports_and_your_firewall I was able to find logs related to this where the application was identified as google-base or unknown-tcp and denied. An...

icozma by L0 Member
  • 3982 Views
  • 1 replies
  • 0 Likes

How to change from category insufficient-content to Private IP address?

Hi Teams,How to change some intranet website from category insufficient-content to Private IP address?i already use portal to request change.but, when i choose category Private IP address, this category is disable and can't be click.i believe we already use this intranet website long time ago.last time categorized as Private IP address, but just...

Panorama 8.0.2 - Buggy???

We have multiple models of FW hardware running primarliy 7.1.9 and it seems like since upgrading to Panorama 8.0.2 from Panorama 7.1.9 that it is almost painful to make changes. It seems everytime we push to devices something fails. Today specifically we push some changes and it says "failed" look in the log and it says synchonization failed but...

Wald by L2 Linker
  • 2782 Views
  • 1 replies
  • 0 Likes

Shared Objects in Panorama

Is there a concept of shared objects at multiple levels in Panorama ? For example, I can have a top level setting at the shared level which says password length is 15 characters and I want that to go to all firewalls. What I need, is a second shared level beneath that (like at the template stack level) that says anything in "This template stac...

Cisco WLC integration problem with PA.

I have Cisco WLC 5508 , kiwi syslogd and PA.I can see snmp traps in Syslogd but only username is visible , ip address of the client is missing.Can anybody help how to parse it in Palo alto Firewall. Regards,

IPSec VPN with cert authentication: RSA_verify failed

Hello community! Created a VPN Palo Alto - Cisco Asa with certificates for Ikev2 gateway authentication. Cannot establish the VPN. Did a debug and get the following error when the palo alto is trying to validate the ASA´s certificate [PERR]: RSA_verify failed: 1099255804384:error:04091064:rsa routines:INT_RSA_VERIFY:algorithm mismatch:rsa_sign.c...

Carracido by L4 Transporter
  • 7620 Views
  • 3 replies
  • 0 Likes

session time-out need some understanding

We hare seeing some oracle session being aged-out. When i checked session info tim-out it says 120sec. But the application time-out itself is for 14400 sec . Where does this value of 120 sec come from. Session 2071980 c2s flow: source: x.x.x.x [SERVER2] dst: y.y.y.y p...

raji_toor by L4 Transporter
  • 2551 Views
  • 1 replies
  • 0 Likes

mtr

Hi, from the above output the second hope is the pa firewall , the loss is 98.2% , What does it mean ,I dont have traffic shaping in firewall Thanks

Screen Shot 2019-09-12 at 10.17.31 PM.png
simsim by L4 Transporter
  • 4661 Views
  • 1 replies
  • 0 Likes

Resolved! PA-820 & LACP

HiJust wondering if anyone here has successfully gotten LACP to work on a PA-800 series FW (set to passive) and Cisco Switch (set as 'channel-group X mode active')?No matter what I try (fast/slow/active/passive/1 eth/2 eth) I always get "LACP currently not enabled on the remote port" in the Cisco console output.I saw this twice this week at two ...

ShaiW by L4 Transporter
  • 8298 Views
  • 2 replies
  • 0 Likes

Resolved! Changing the /

We currently have one outside interface on the firewall and is connected to our Edge Router. The interface has the IP address of 10.10.10.10.5/24 (for example). This is the only port available for inbound and outbound data to the internet. We would like to create a new outside interface on the firewall and start using it for other services, such...

Shawverr by L3 Networker
  • 4883 Views
  • 5 replies
  • 0 Likes

GP RDP and User-id

Hi I recently upgrade to GP client 5.x. now when i login into my laptop say 10.10.10.10 as alex.samad GP logs me in as well and the PA's know 10.10.10.10 as alex.samad when i rdp to 20.20.20.20. and login as peter pan.. the PA assign peter pan to 10.10.10.10 This didn't happen under 4.1 is there an option to turn this off - i believe there is ?

User-ID LDAP syntax in rule

In the group mapping UserID template, we use LDAP syntax (CN=...., OU=...), but in rules, I have always seen Source User expressed in lanman syntax, Domain\User or ...\Group. Is it possible to use the LDAP syntax in the rule as well, and is there and advantage either way?

BoDollis by L1 Bithead
  • 3517 Views
  • 2 replies
  • 0 Likes

Resolved! Need to understand session time-outs

We hare seeing some oracle session being aged-out. When i checked session info tim-out it says 120sec. But the application time-out itself is for 14400 sec . Where does this value of 120 sec come from. Session 2071980 c2s flow: source: x.x.x.x [SERVER2] dst: y.y.y.y p...

raji_toor by L4 Transporter
  • 6554 Views
  • 3 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels