General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Connecting WildFire Private Cloud to firewall

When connecting WildFire Private Cloud to firewall (Device > Setup > Wildfire), It appears that we can only add one (1) appliance IP address. However with a cluster there's more than one appliance.1) Should this be the management IP address of the Primary cluster member?2) How does the Firewall know to send traffic to the other appliance(s...

Resolved! Disabling HA

Hi Community, Does disabling HA using the master switch ( Device -> High availability -> general -> setup ->enable HA checkbox) will cause the interfaces to go down and up ?. I understand that the interface mac has to be changed from virtual to physical one, does it cause a flap.I have faced an issue that disabling caused aggregate i...

Resolved! MineMeld engine failed to start.

I was attmepoting to configure Minemeld to pull AWS ip addresses, but nothing happened when I hit commit. I noticed the Supervisor had stopped, and came across this earlier article. I issued the commands: sudo service minemeld stop sudo service minemeld start sudo -u minemeld /opt/minemeld/engine/current/bin/supervisorctl -c /opt/minemeld/local/...

Need to allow service for Ping application

Hi Team We have configured the one Destination NAT policy. My requirement is Ping the NAT IP (Public IP) from the external network. I have configured one security policy with application as 'ping' and service as 'any'. For the above configuration, I can able to ping the Public IP from the external network. But I want to allow the specific servic...

Resolved! User-ID not mapping all users

I'm using the PA's integrated User-ID Agent to setup User-ID. The moment I began monitoring DC controllers it begain to pull User-ID mappings. This is before User-ID was configured on any zone. However, when I configured User-ID on a source zone, the firewall doesn't getting any user mappings from that source zone. Select IP addresses (approx. 5...

Resolved! unable to get system info

This is a new one for me. My system is showing "active" (in active/passive) but the GUI is frozen and I see the following on the dashboard: PANOS 8.1.9 From the dashboard

fail.png

MineMeld - need help importing and processing syslog data

I installed the MineMeld VM on my ESXi box yesterday and it came up just fine, I can login to it from the VM Console, the web console, and over SSH. I've edited the /etc/rsyslog.conf file and /etc/iptables/rules.v4 so that syslog data is coming in from the firewall to the /var/log/syslog file. Question: How do I get MineMeld to process the sys...

Migrating server from port based firewall to Pal Alto

My company is moving a few servers from an old data center with an ASA to a new data center with a Pal Alto. A lot of the rules for the old server on the old firewall are showing port numbers only. I would like to use application ID as much as possible and don't know how to find out what applications use these ports. I know I can google a por...

Issue on updating cert on Palo Alto FW pair

I got an issue to update a cert on PA pair.The issue is very similar to what it describes underhttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldECASI import the new cert to both PA FW units and change config to use the new cert. However it comes with config out-of-sync issue and somehow the new cert on passive unit is...

PAN-OS 9.0 Static Route Commit Warning

Just a note here that I am getting a cosmetic warning during commit of a newly-upgraded PA-220 (my lab box) to PAN-OS 9.0. Prior to the upgrade, I had a static route in my virtual router, to redirect all traffic going to 192.168.1.0/24 to my tunnel.4 interface (which is an IPSec tunnel to another firewall). The route does not specify a next-h...

can't able to get response for show running security-policy command from the device via SSH

we are using Paloalto PA-5220 PAN-OS 8.0.7 virtual firewall. using a third tool we trying to fetch the policies using the command "show running security-policy". when the command is entered it stays still and the policies are not shown. It happens sometimes only. But other times we are able to fetch the policies correctly. couldn't able to find...

samgowri by L0 Member
  • 8047 Views
  • 6 replies
  • 0 Likes

NAT

HI,when do we use the destination nat ,source nat and identity nat I mean what is the use cases for the above Thanks

simsim by L4 Transporter
  • 5425 Views
  • 2 replies
  • 0 Likes

Interface issue - see traffic but no arp entry for gateway

We have an issue with an interface that is talking weirdly. We have changed ports to rule out hardware, and I can work ok with a laptop in the same switchport. The line comes from Verizon's media converter to a switch that is connected to the pair of HA firewalls and an HA pair of load balancers that use different addresses in the subnet. The ...

  • 24391 Posts
  • 123 Subscriptions
Top Solution Authors
Labels