General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

NAT Configuration to access Remote Desktop

Hi, We need to configure an input rule to authorize a public IP address to access one of our virtual machines on our subnet. Concretely, I need to authorize public IP address 195.193.194.195 to access directly our virtual machine with the private IP 192.168.1.1 on port 3389 (Remote Desktop) only via our public IP address (82.83.84.85). I con...

feelgood by L2 Linker
  • 17532 Views
  • 10 replies
  • 0 Likes

SSL Decrypt & Windows Updates

Hello, I've been having a problem with Windows Updates when SSL Decrypt is turned on and I'm wondering if anyone else had to add these "new" Microsoft URLs to the decryption exclusion list. My firewall is on version 8.0.3 and my Windows version is Windows 10 Enterprise 1703 (Build 15063.483). I'm not sure what update package includes SSL Decryp...

kalakai by L2 Linker
  • 10902 Views
  • 3 replies
  • 5 Likes

PA is dropping SYN packet with ECN and CWR

Hi Team, @reaper, @BPry. Recently I came across a scenario where Palo Alto was dropping TCP SYN packets which have the ECN and CWR bits set. Upon checking the global counter, I saw that the drop reason was 'process owner message err, no predict'. Has anybody seen this? PA doesn't support SYN packets with ECN and CWR set? Once I disab...

Resolved! Agentless User-ID - change password

Hi all, We have a working Agentless User-ID and User-Based and Group-Based Policy. A special AD account, "pauser", has the necessary permissions. I found that its login and password are configured in Device > User Identification > User Mapping > WMI Authentication and Device > Server Profiles > LDAP > "Name of LDAP Profile". I need to change ...

aaobuhov by L2 Linker
  • 3916 Views
  • 1 replies
  • 0 Likes

Anti-Spam list for EDL

Hello. A customer would like to add some more anti-spam features to a Palo Alto FW setup and is interested in using EDLs in connection with publicly available anti-spam lists. Does anyone know a good and free anti-spam list I could use for that? I've checked all the best-known ones but they all offer only lookup capabilities (you query an IP/FQDN and...

santonic by L6 Presenter
  • 5320 Views
  • 2 replies
  • 0 Likes

Resolved! Setting up a NAT pool with a PAT address for any spillover

We migrated from Cisco ASAs to PAN-3020 devices and I'm curious whether a feature from my ASAs exists in the PAN world. On our ASAs, we could create a pool of dynamic NAT addresses that would be matched 1-for-1 with inside hosts going to the Internet (we own a large block of public IPs, so we can do this). On the ASAs, once the dynamic NAT pool ...

LorenzoM by L1 Bithead
  • 8399 Views
  • 2 replies
  • 0 Likes

Remote Access on passive node of firewall ha cluster

Hello all, I am currently configuring an HA cluster (active / passive) with the following configuration: Primary (active) box: PA-820; ethernet1 / 1: 1.1.1.1/29 (external interface); ethernet1 / 2: 192.168.0.1/24 (internal interface); MGMT: 192.168.50.251/25 (Management interface). Secondary (passive) box: PA-820; ethernet1 / 1: No IP address, as this is...

Ipsec Proxy_id configuration issue

Hi Team, I'm not able to configure two separate proxy IDs on a PA-3020 firewall. If I configure them, either the tunnel goes down or the proxy ID configured second is not working. The IPsec tunnel is IKEv2 between SonicWall and PA-3020. I'm getting the error "ikev2 child sa negotiation failed when processing traffic selector..."

Conditional NAT configuration request

Can you please guide me with this scenario and configuration? I have multiple VPN clients who access two servers (A and B) in the DMZ (Outside to DMZ). Server A has evolved and the new replica of server A now lies on the inside of the firewall instead of the DMZ. In this case, I need to do Destination NAT for server A (which I do not see any pro...

Resolved! Pushing config from Template stack

We have same template name, say corp 1 and corp 2, then we have a template stack named dept and add these two templates, corp 1 and 2, to it. Now, if we push config from the template stack to the PA, will it be pushed from both corp 1 and 2? Say corp 1 has syslog name test1 and corp 2 has syslog name test2, will it add both to the PA?

MP18 by Cyber Elite
  • 3878 Views
  • 2 replies
  • 0 Likes

Resolved! Panos 8.1.9

Hi, Is this a recommended version to move to? Currently on 8.1.5. What about 9.x, is it ready?

Resolved! No deny or drop traffic appear on Panorama

Hi All, We recently added Palo Alto firewalls for a customer as a 2nd-layer firewall: 2 PA-820 and 1 Hyper-V Panorama. Panorama is in Panorama mode and we use it as log collector and for management of the firewall. Now we have a weird issue: in Panorama we don't see any deny or drop traffic, while the firewall itself has deny and drop traffic. We are running...

  • 24381 Posts
  • 123 Subscriptions