General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! New To PA- Differences between WebUI & Panorama

My company is about to deploy PA's in a few of our data centers as well as a single Panorama VM.  I have a traditional ASA background & want to know some basic theory on how PA's are configured.  I am enjoying the free training on the support site bu

...

Resolved! MineMeld install error bower install

Hi all,

 

I have installed successfully minemeld on a test Ubuntu 16.04.

I try to do the same now in production and get an error on bower install :

fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["bower", "install", "--allow-root"], "delta":

...

User Acitivity Reports - Denied Traffic

Afaik the User Activity Reports only show allowed traffic from the users. I am trying to find the URL from an IP, which I can see the user have been trying to visit, but got denied.

Is there anyway to do so?

 

The IP is a service from Amazon, and theref

...

Unable to block Skype

Testing target is Skype which came with Windows 10.

Use the method in the link below and was work (for 1-2 days)

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Block-Skype/ta-p/52103

 

Then 1 day suddenly found that it not working any

...

jeremylo by L3 Networker
  • 1202 Views
  • 1 replies
  • 0 Likes

Always-ON VPN in the internal network.

Hello,

 

I am looking to configure an always-on VPN with full tunnel access and enable"Enforce Global protect for Network access".

This basically means that users have to connect GP portal to access network when logging in to their machine when off-prem

...

Resolved! Cannot ping INTO mgmt interface, but can ping out?

Did something the other day and now i cannot ping/https/ssh to the firewall on its management interface, even though from the firewall i can ping out.

 

I dont think this is a routing issue as i can do it the other way(out of the device), and the devic

...

welly_59 by L3 Networker
  • 8228 Views
  • 13 replies
  • 0 Likes

OCSP unknown status

Hi team,

 

I am configuring Firewall as CA and local OCSP responder to use in GP VPN with client cert authen.

However, all the client cert that I generated from the Firewall got "unknown" status in OCSP. So I client cannot authentiate by this cert.

 

Can

...

Packet Dropped

Hi Team,

 

Need your help.

While running global counter I can see continously packets are gettignn dropped with below error.

 

a609598@paf-ld6-mvs-01-01(active)> show counter global filter packet-filter yes delta yes severity drop

Global counters:
Elapsed t

...

IPsec packet drop , once the ecmp is enabled

Hi Team 

 

we are facing packet drop issue on ipsec traffic once the ecmp is enabled . 

we have two ISP and wish to balance the traffic and using balanced round robbin for the same , once this is enabled ipsec packet drop occurs and if we disable ecmp e

...

Rameshwar by L3 Networker
  • 3516 Views
  • 12 replies
  • 0 Likes

Active/passive HA on PA5020

I am using this link https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-High-Availability-on-PAN-OS/ta-p/54086 to try to configure active/standby HA on my 5020 and I am confused about the ports (control links (CL) ha1, CL ha

...

Capture.JPG
jac101 by L2 Linker
  • 1584 Views
  • 3 replies
  • 0 Likes