General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! LSVPN Satellite Deny specific subnet to Publish to gateway

In LSVPN VPN setup how can we deny specific subnet to not advertise to gateway. I have selected Publish all static and connected routes and I want to deny some of static routes of them , how can we do that ? I know we can disable public option manually and add each subnet apart from that with enabling publish option is there a way we can deny it...

Multicast with Chromecasts confusion

Background: I have a trust zone on ethernet1/2 192..168.1.0/24 and an iot zone on ehternet1/4 10.10.10.0/24 and I want to be able to cast things from endpoints (mobile phones and laptops) to the chromecasts on the iot zone. It seems like multicast (aka mDNS) is the trick however I am not sure I am going the right direction or if this is even...

multicast1.jpg
multicast2.jpg
secpol.jpg
hshawn by L4 Transporter
  • 10496 Views
  • 2 replies
  • 0 Likes

Resolved! Ubuntu

Hello, can anyone tell me what version of Ubuntu I should use for MineMeld ?

Autofocus MineMeld - how to access output node that requires authorisation

I need to create O365 IP/URL EDLs but when I try to access the output nodes I get "Unauthorised" message unless I sign into AutoFocus in the browser. Needless to say I cannot do the same on a firewall. How do I allow anonymous connections to a feed in Autofocus MineMeld or use authentication when configuring EDL on a firewall?

Config Files Backup

Hi.I have PA850. According to this link (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm7yCAC) I configured backup with local Superuser account. Everything is OK. But then I created new Admin Role named backupadmin and new account palo. This account's profile is backupadmin. I attached screenshots. The aim is I don't...

1.JPG
2.JPG
3.JPG
4.JPG
Outlaw by L0 Member
  • 3185 Views
  • 1 replies
  • 0 Likes

High memory usage on Palo Alto

I have an issue with a Panorama VM indicating high memory usage.Using the following resources: top - 10:59:58 up 82 days, 1:07, 1 user, load average: 4.22, 3.89, 3.87Tasks: 156 total, 1 running, 152 sleeping, 0 stopped, 3 zombieCpu(s): 39.2%us, 1.8%sy, 0.0%ni, 58.0%id, 0.9%wa, 0.0%hi, 0.1%si, 0.0%stMem: 16447708k total, 16354760k used, 92948k fr...

Resolved! Data Center Firewall - Monolithic vs Virtualized

This is purely theoretical and does not represent a real network.You can think of this as on prem or public cloud:- MonolithicThis design utilizes 3 physical firewalls that are embedded in a data center fabric• Perimeter• B2B• DCThe main focus of my question is on the DC firewall, as you can see segmentation is derived by using traditional zones...

DC Firewall - monolithic.jpg
DC Firewall - virtualization.jpg
DC Firewall - virtualization.jpg
mcronin by L0 Member
  • 3147 Views
  • 1 replies
  • 0 Likes

Development Palo Alto Networks firewall

I have supported Palo Alto Networks firewalls since the 3.x days. I currently support many of these firewalls, many including HA with all of the licensed features, linked to Panorama, Minemeld and other products. I desire a lab setup so that I can test various settings and changes prior to deployment. For example, SSL Decryption being enable ...

ACMENEWS by L1 Bithead
  • 3548 Views
  • 2 replies
  • 0 Likes

Resolved! Email Link Verification causes unsubscribe action on URL

We are a provider that sends newsletters to subscribed customers. We have an unsubscribe Link in the our emails so that customers can easily unsubscribe by just clicking on the link. We have noticed that IP Address registered by Paol Alto Networks test email links by calling the URL in a sandbox. The call of the URL causes the customer to be uns...

helge99 by L0 Member
  • 3585 Views
  • 2 replies
  • 0 Likes

Resolved! DHCP Relay Query

I have a query regarding dhcp relay , I L3 interface on switch where ip helper is configured then there is interconnect between core switch and firewall question is do we need to enabled dhcp relay on palo alto interface connected to core switch

PA units wont populate EDL

At the end of last week I installed MineMeld. Configured 0365 miners. When I access the miners via their URL I recieve an IP list. Next I configure EDL on two of my PA units. For this test I configured the miners to be anonymous. Tested the URL and it's able to reach source. I then click Import Now and nothing is imported. I left the PA...

AOneR by L1 Bithead
  • 3712 Views
  • 2 replies
  • 0 Likes

GlobalProtect Problem IOS 12.3.1

Hello, Recently some of my Iphone / Ipad devices running on IOS 12.3.1 can no longer connect via GlobalProtect (AppleStore Version: 5.0.7). On the other hand this same account works on a Win10 computer. Do you have an idea of ​​the problem met? PAN firmware: 8.1.9 Error message: Could not connect to gateway. Please contact your IT administrator....

FlorianP by L1 Bithead
  • 8314 Views
  • 5 replies
  • 0 Likes

Global Protect PAN-OS 8.0 IP pools

Hi all , What is the workaround when you want to assign same IP pool but different access routes to groups or users on the same gateway ? So let's say that on the gateway I have 2 or more groups like Group1 and Group2 but I have one IP pool to assign IPs when they are connected but in Group2 I want split tunnel and define specific access routes...

DNS issues

Hi All, hoping someone could possibly shed some light on what I maybe missing in the configuration...Im going out of my mind looking at this as I just cant see it, ill try to keep it short.... I recently replaced our offsite meeting room location Juniper SRX with a PA-220:PPPoe Setup with VDSL modemVPN tunnel back to main office Meraki AP to pr...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels