General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Config not reflecting on firewall when pushed via panorama

Hi , We are facing unusual issue in our enviorment .We have pushed the changes from Panorama to devices but changes are not reflecting on individual firewall . Verifed commit logs , no error . All showing result succeeded . Panorama version - 9.x.xFirewall version 8.x.x Anyone faced similar issue ? Or any suggestion regarding same. Thanks .

deepak12 by L3 Networker
  • 13506 Views
  • 7 replies
  • 0 Likes

Resolved! GP gateways under the same ISP

Hello , I have setup for the company portal and gateway with a specific IP pool and there is one pulbic IP on the ISP. Now they want partners to connect as well and I was wondering if is possible to have either on the same gateway another VPN IP pool and setting like DNS or I can make another gateway under the same IP with another port.

URL Filtering logs

I am using PA-500 on the version of 8.0.18 i am not able to see the URL filteing logs which has the host accessed the URL's from IP too.Kindly guide me

Upgrade

Hello Everyone, I have a PA 5020 in version 8.0.9, what is the most stable version to update?

Stack override template with IP of none

I'm trying to use the same "interface" template for all of my locations. Unfortunately not all locations have the same number of subinterfaces. I'm trying to override subinterfaces that aren't needed at the stack level somehow so that they are pushed as "null" or "no ip". Any ideas, suggestions?

HA Setup

I have firewall in HA(A-P) mode.If device priority is same on both , will there any delay in switching A-P role during failover activity ?

deepak12 by L3 Networker
  • 3743 Views
  • 4 replies
  • 0 Likes

config on passive & pushing to active ?

Dear All, As I have always been practicing to do the configuration and changes on the primary device and then it is its responsibility to push the configuration on the secondary device but as I have also been seeing people to do the configuration on the secondary devices be it juniper, F5, Palo and they really don't consider this active passive ...

Gchander by L1 Bithead
  • 5490 Views
  • 3 replies
  • 0 Likes

PAN-SA-2019-0020 ... really?

Hello Paloalto Team Last thursday you published the securityadvisory for a critical RCE vulnerability and today you notified the customers again with an "Action recommended" article here: https://live.paloaltonetworks.com/t5/Customer-Advisories/Action-Recommended-Recent-Security-Advisory-PAN-SA-2019-0020-Ref/ta-p/278505 In this article you write...

Remo by L7 Applicator
  • 5509 Views
  • 2 replies
  • 0 Likes

session end reason threat

We have vendor traffic coming to PA and session end reason is threat.Under threat i can see the threat id numberThey are lot of them For easy way I have disabled the security profile vulner protection for that rule. Need to confirm by doing this PA should not end the session with threat right?

MP18 by Cyber Elite
  • 6426 Views
  • 1 replies
  • 0 Likes

Resolved! Global protect "Could not connect to gateway contact your IT administrator"

Hi Team, When I'm trying to connect global protect from agent it gives an error "Could not connect to gateway contact your IT administrator". When I dig into debug logs, i found below intersting logs. (T3120) 08/06/19 12:56:14:274 Debug(4388): SetGatewayRoute: GetBestRoute() returns Dest:0.0.0.0 Mask:0.0.0.0 if_index=12 metric1=50(T3120) 0...

Threat log types

For threat logs in PA i see below options ( subtype neq vulnerability ) and ( subtype neq spyware ) and ( subtype neq packet ) and ( subtype neq scan ) need to know if this makes sense ?? where vulnerability is part of vul protection scecurity profile which is layer 7 ?? spyware is anti spyware profile which is also layer 7 ??? scan and packe...

MP18 by Cyber Elite
  • 3106 Views
  • 1 replies
  • 0 Likes

Aplication Dependency commit Warnings after 8.1.8 upgrade

Hi, Recently we had to upgrade our customer PA-3050 from a 8.0.10 to 8.1.8 version.After we did it everything works fine, but when they did a commit of the configuration a lot of Aplication Dependency commit Warnings appears:We check all the policies and in every one all the applications are included. Anyone knows why this happened and how to so...

commit watnings.jpg
policy.jpg

Unable to get into maintenance mode

Hello All,I was in the process of upgrading our firmware of our PA500 to 8.1 and when the device rebooted, it did not want to come back online. Checked the startup and noticed I was getting this error message. I did read online that it might be an issue with the hard drive? Is there a way I can resolve this? I cannot even get into maintenanc...

jsuttor by L0 Member
  • 5433 Views
  • 3 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels