General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Policy rule hit-count data is not stored on the firewall or Panorama

For link below https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/management-features/rule-usage-tracking Policy rule hit-count data is not stored on the firewall or Panorama so after you clear the hit count using the reset option, that data is no longer available. Where is this data stored??

MP18 by Cyber Elite
  • 6818 Views
  • 2 replies
  • 0 Likes

Resolved! commit error

today i got commit error Client websrvr requesting last config in the middle of a commit/validate. Aborting current commit/validate. Commit failed Fix was i just need to run the commit again.Need to know why this commit error occured?

MP18 by Cyber Elite
  • 9248 Views
  • 2 replies
  • 0 Likes

Setting All traffic of a specifif URL to the primary ISP

Hi Everyone! How will I set all traffic from https://www.siteground.com/ to my primary ISP? Because Currently we have two isp and running in a balanced round robin. The issue is whenever we go to the website it shows an error "Due to ip changed instantly"What are the procedures and confgurations should I do? Thank you

AVITUTS by L0 Member
  • 3531 Views
  • 3 replies
  • 0 Likes

Panorama reset Authentication Profile (Certificate Profile based Authentication) via CLI

Hi, I have configured (on a test Panorama VM - luckly not on the production one) a SSL Certificate Based authentication following the steps provided on the Panorama Administrator's Guide; somehow It didn't quite worked out and I'm currently locked out.I do have admin access to the Panorama VM via CLI -> is there any chance to reset the GUI au...

PBF state is dicard

I have 2 internal test IPs, 172.16.16.2 and 172.16.16.3. These 2 IPs are respectively PBF, which implements different paths. And these two IPs have done two-way NAT. Map them to a public network address. The problem that arises now is that 172.16.16.2 can normally access an address on the external network, but 172.16.16.3 cannot be accessed. Som...

pbf-rule.png
pbf-config.png

How to make PA side as intiator for VPN with Azure

We want to make Palo Alto side as intiator for VPN with Azure . Currently we have IKE settings as aes256,3des , sha1 sha256 and group 2 .with lifetime less that azure standard 28800 still we are seeing PA acting as responder. Basically issue is with PA is responder we are facing packet loss with azure resources. below is article we reffered. htt...

Resolved! minemeld-web FATAL, CENTOS Latest Dev Edition

I performed a recent git pull and performed the standard upgrade due to we were having issues on the edition we were on. However the minemeld-web will not load. I tried the revert back to pip 9.0.3 command for others having the with no luck.When trying to install minemeld stable it won't install at all so I continued with dev (as that is what we...

WilliamT by L0 Member
  • 5587 Views
  • 2 replies
  • 0 Likes

Top urls by Bandwidth for a user

Hi Everyone,This is probably a very simple task, however i am not getting the result I am after. I am trying to create a report that shows me the top URLS by bandwidth for a user for the last 7 days, in the User Activity Report ( predefined) it shows Traffic summary by URL Catagory not the url itself. which is what I am after however not URL cat...

Resolved! Destination NAT

Hi there,I have few URL acessible publicy one of them is WWW and HTTPS. I have dedicated HTTPS URL(xyz.com) however all other www URL(abc.com) is also accessible though https and redirecting to that https url(xyz.com). i am not sure what i am missing here but any help would be deeply appericiatedThanks in advancePratik

Resolved! SSL Certificates import

Hi All, I need to import some SSL certificates for a Global Protect instance. Customer has already supplied me with their wildcard certificates which I have imported but I cannot select them when creating an SSL/TLS Service Profile. Can I set up this way or should I generate the CSR from the firewall and get the certificates created for me? Rega...

a.jones by L3 Networker
  • 4255 Views
  • 2 replies
  • 0 Likes

SSL Outbound decryption - Outbound traffic

Hi There, I need your inputs to implement SSL Decryption, currently we have Proxy Server - WSA and same is configured at all end users explicitly. WSA Doesn't have ssl decryption. Hence we would like to deploy ssl decryption at perimeter firewall palo alto. Please suggest how to implement the same and which certificate needs to be used. As i am ...

upgrade 7.1 to 8.1 ha pair and panorama

Hello, I'm going to upgrade pa 5020 *2 and m 500 to 8.1.9 from 7.1.18. My plan is:Upgrade 8.0.19 M-500upgrade 8.0.19 passiveupgrade 8.0.19 activeupgrade 8.1.9 M-500upgrade 8.1.9 passive upgrade 8.1.9 activeLog migration for M-500 My concern is when I upgrade M-500, stored log should be remain. Are the logs removed when upgrade panorama device?An...

yhlee1 by L2 Linker
  • 5182 Views
  • 3 replies
  • 0 Likes

Resolved! Source MAC address white-list filtering on the PA-220?

Hi all, I am new here so sorry if this is in the wrong place. At my work place we have a new single PA-220 firewall router that I am configuring to be used as a router/gateway out for SIP traffic. The IP phones will use a interface on the PA-220 as their default gateway. What I want to know is it possible (and if so how) to configure a s...

eveares by L1 Bithead
  • 17295 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect Event log

Hi, I am trying to trigger a GPO event in Windows Task Scheduler on the event when someone connects to global protect.Does anyone know where I would find that?

acura771 by L1 Bithead
  • 14983 Views
  • 10 replies
  • 0 Likes

Resolved! Cant find option to take ACE exam

Hello i had been trying to take the ACE exam but i couldnt find the option of ACE in the learning center, only PCNSE and PCNSA. I actually wanted to take the ACE since im working for a partner of Palo Alto and ACE is needed to take PCNSE directly afterwards. However, when i logged with my company's mail/account i found the ACE exam option and ...

  • 24403 Posts
  • 123 Subscriptions
Top Solution Authors
Labels