General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! PBR forwarding does not work

For the first time I configured a Palo Alto firewall.

I have created three zones each connected with a specific interface:

INTERN

EXTERN

DMZ

 

For each zone I created a virtuel router each configured with static routes :

Intern:

DMZ -> Interface DMZ

Dmz:

EXTER

...

ZEBIT by L3 Networker
  • 2641 Views
  • 7 replies
  • 0 Likes

Pro active monitoring for routing table

Hello,

 

We have faced problem where routing table is full and we had an outage where customer were unable to access Internet for specific sites.

 

We asked for syslog or SNMP traps on it but we received as of now, there is no provision to monitor it

...

OpenVPN to a server behind PA

I have a dest NAT setup with port translation thus:

untrust untrust public IP tcp 443 > private IP tcp 1194

 

Policy set as

untrust trust any src to public IP for 443.

 

The NAT works fine, but I see aged-out on the traffic monitor, and no traffic at all o

...

Resolved! Problem with Panorama shared context

Hi, I am currently migrating our firewalls to Panorama and have a problem with shared settings.

Every Panorama commit shows me Warning:

 

  • Disabled applications in shared: intercall google-spaces-base google-spaces-posting zenefits gitlab-base gitlab-upl
...

linhartj by L0 Member
  • 4728 Views
  • 2 replies
  • 0 Likes

GlobalProtect Users appear on GUI and not on CLI

PANOS 8.0.5

Current connected GlobalProtect Users appear on GUI by “Monitor/User-ID/Source-type=globalprotect” and not appear on CLI "show user ip-user-mapping all type GP”: the record is not absolutely present.
On PANOS 7.1 the CLI command "show user
...

Aiace by L1 Bithead
  • 1657 Views
  • 1 replies
  • 0 Likes

File minemeld-web.conf doesn`t exist

I`m looking for file minemeld-web.conf  into /etc/nginx/sites-available/minemeld-web.conf  directory but it doesnt exist, there`s only default file.

 

I need to change HTTPS services to HTTP

 

I installed the super fast setup from the site https://live.p

...

vhgambit by L1 Bithead
  • 2256 Views
  • 1 replies
  • 0 Likes

Resolved! OpenConnect client with a Global Protect plugin

Hello,

 

We found that only 1 factor authentication is required when connecting to the VPN using OpenConnect client with a Global Protect plugin, it appears that it bypasses the portal authentication and only requires the gateway authentication. We hav

...

Farzana by L4 Transporter
  • 12736 Views
  • 2 replies
  • 1 Likes

ECMP between virtual router with or without PBF.

Hello all,

The end game is make the most eficient way to balance 8 IP's.

Since ECMP is limited to 4 IP's, I'm trying to make two VR's of 4 ISP's and make PBF, but since PBF need to specify egress interface and next hop I "guess" it will not load balanc

...

UNAPEC by L0 Member
  • 1243 Views
  • 0 replies
  • 0 Likes

Licence NFR PaloAlto

Hello

 

I just receive my PA-850, i made the registration of the device in support section, but after this registration, i can't see the licences for the new device :

Threat Prevention
BrightCloud URL Filtering
PAN-DB URL Filtering
GlobalProtect Gateway
Glo
...

nfr palo.jpg

Resolved! Log Forwarding for Flood event

I'm familiar with the process of setting up a log forwarding profile and attaching it to a security rule.  But how would this work for alerting on a flood event?  In a flood the attacker IP is 0.0.0.0 and the victim IP is 0.0.0.0.  This won't match a

...

Global Protect on macs using active directory logins

Hi

 

We use ad accounts for users to login to the macs (arrange of MacOS versions), but from a certain day we been told that users need to use global protect to VPN in our sister company to use certain resources, mainly email.

 

Once global protect is on

...

slinxy by L0 Member
  • 596 Views
  • 1 replies
  • 0 Likes

Application Risk level

What happens when you change an application risk number from a 5 to a 1? Does this just change the read out of your risk level or does it change the way the firewall acts on the application?

jdprovine by L4 Transporter
  • 1713 Views
  • 4 replies
  • 0 Likes
Top Solution Authors
Top Liked Authors