General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 611 Views
  • 0 replies
  • 0 Likes

Trouble establishing IPSec to Cisco ASR 1001X

I'm working with a business partner and we've verified phase 1, phase 2 parameters. But this is what I'm seeing in logging after running test vpn ike-sa gateway:

2019-02-26 09:57:21.638 -0800 [PERR]: { 43: }: 77.77.236.54[500] - 207.99.97.218[500]:(n

...

How to Set Up the VM-Series Firewall on XenServer?

Hello, everybody.

I purchased the VM-300 virtual firewall.

I have installed XenServer 7.1 servers.

I would like to install version 8.0+ of the firewall on this virtualization platform.

I have downloaded the OVA extension file, but the import of the virt

...

tls1.3 and required action?

I know I am late in posting about tls1.3.

I have my perimeter 5020s doing inbound and outbound SSL decryption. I'm currently on 8.0.13 and never had any issues. With TLS 1.3 coming this March, should I fear of breaking SSL connections and upgrade to lat

...

Security Policy Application

Hello everyone,

I'm hoping someone can help me understand why a security policy is not applying the way I thought it should. Here's what I have:

I have each of our schools configured on different DHCP scopes. I then created an Address Object using sla

...

GCSS-RT by L2 Linker
  • 4301 Views
  • 10 replies
  • 0 Likes

Resolved! policy-deny website problem

Hey all,

PA-3020 8.0.7

I would like to access https://experimental-concert-research.org and I get "Secured connection failed"

The traffic log allows those packets, but session end reason says "policy-deny".

I have never seen this before.

Can someone tell

...

MPI-AE by L4 Transporter
  • 4209 Views
  • 4 replies
  • 0 Likes

Destination nat not working.

I have security policy untrust -trust(webserver publicip) and nat policy - untrust -untrust.

When I try to access the web server public IP, it is not hitting the security policy and is considering the destination in the untrust zone and denies the traffic.

Pa200

...

Resolved! Enabling OCSP in mgmt profile also allows http management

PA-220, 9.0.0, AV2899-3409, Content 8127-5316

I've enabled HTTP OCSP on the management profile attached to a loopback interface. HTTP and HTTPS are NOT enabled under Administrative Management Services (in fact, none are checked).

Nonetheless, the

...

bperez1 by L0 Member
  • 2650 Views
  • 2 replies
  • 0 Likes

Default Application ID change in 8.0?

We are migrating from some 200's running 7.1.x code to 220's running 8.0.x code. We had a rule that was working fine, allowing any traffic from a server to another server. We didn't define any apps or tcp ports. We have that rule in the new firewall,

...

Split DNS

Hello

We would really like to see a "split DNS" configuration for Global Protect, where you can specify certain domains that are sent to the internal DNS Server (or DNS Proxy), and all other domains get handled by the user's normal DNS servers.

Thank

...

MichelZ by L1 Bithead
  • 2941 Views
  • 1 replies
  • 0 Likes

Issue with WLC Radius request to NPS Server

Hi all,

I have an issue with the RADIUS request through the firewall.

The RADIUS request comes from a Cisco 1852-ME WLC and goes to a Windows 2016 NPS Server, both in different zones.

A similar setup with a firewall works fine.

The NPS Server does not

...

Resolved! Running config not synchronized problem

Hey all!

There are two PA-3020 with 8.0.7 in HA active passive.

Three days ago, I switched the passive fw to active.

Yesterday I switched back. I stated that the running config isn't synchronized, but I switched nevertheless.

So I think I should "sync to

...

MPI-AE by L4 Transporter
  • 19487 Views
  • 4 replies
  • 0 Likes

Resolved! Proxy Configuration

Hello,

Before switching to Palo FW from Cisco one of our customers could use proxy (http://10.x.x.x/optusproxy.pac).

Can you please confirm how can we set this proxy setting in Palo because couldn't find any option on GP to put proxy?

I tried using i

...

ecmp

Hi community,

Can anybody clarify my following doubts about the preferred path in ECMP?

I am able to see a * mark on one of the ECMP routes. What does that mean?

I have balanced round robin, so each new session should take one path alternately, right?

...

Resolved! show deviceconfig setting url - dynamic url filtering

When I run the command below

show deviceconfig setting url
[edit]

I see no output.

I read that if the above output is blank then we are not doing the dynamic url filtering on the PA?

Need to know should I enable this and how it can affect the performance o

...

MP18 by Cyber Elite
  • 3636 Views
  • 4 replies
  • 0 Likes