General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Why PA is Responder for Phase 1 and Initiator for Phase 2

Seems Phase 2 is down and system log shows below logs again and again and ( description contains 'IKE phase-2 negotiation is failed as initiator, quick mode. Failed SA: 198.160.x.x[500]-173.182.x.x[500] message id:0xF55F380F. Due to negotiation timeout.' ) i do not have to device 173.182.x.x When i run below command i s show vpn ike-saIKEv1 ph...

MP18 by Cyber Elite
  • 6842 Views
  • 4 replies
  • 0 Likes

giving the outside interface multiple ip?

im facing issue where a firewall with a outside interface is not receiving public ip adresses from the isp router , the isp router is showing it is own interface which is connected to the firewall as the arp destination for the public ip subnet instead of the router , so i was wondering can i add multiple ip addresses to the PA layer3 outside in...

chuckles by L2 Linker
  • 5138 Views
  • 7 replies
  • 0 Likes

Captive portal to redirect to intranet site

Trying to set it so when users open their web browser and no matter what they go they are redirected to an intranet site for the first web request of the day. Same thing as a captive portal at a hotel, coffee shop, etc. Want it to redirect to http://intranet.company.com/ just once. Hoping the splash page could come up and just require an accept ...

Resolved! Custom URL Category

I have a test url category with only one url. i have applied this url category to a test policy, not using a profile but directly in the policy under "service/url category". when i browse to the site it uses the correct policy to allow the request... however... any other traffic that cannot be decrypted is showing in the traffic logs as url cate...

Mick_Ball by L7 Applicator
  • 7698 Views
  • 9 replies
  • 0 Likes

How do I make a feature request for GlobalProtect?

I'd love it if the last Gateway I used was the default on my list instead of Best Available. Or if this was an option that I can turn on. If I am on a different network, perhaps it makes sense to default to Best Available, but it never picks the best available for me. I live close to one of our offices and work out of one that is slightly far...

calasyr by L1 Bithead
  • 8005 Views
  • 12 replies
  • 0 Likes

Resolved! New minemeld deploy unable to login to GUI

Used OVA to deploy it on ESXi. Default admin/minemeld did not work after deployment and NO changes. Gives the message "ERROR CHECKING CREDENTIALS: Bad Gateway" Logged in via CLI and ran the following: ubuntu@minemeld:~$ sudo htpasswd /opt/minemeld/local/config/api/wsgi.htpasswd admin New password: Re-type new password: Updating password for ...

drewdown by L4 Transporter
  • 34599 Views
  • 13 replies
  • 1 Likes

Resolved! How to install & upgrade Firewall new on client side

We had ordered the firewall and it's been delivered to client Now we want to configure and upgrade without distrubtring the current network what is the best way to do this or we had to bring it our side to configure and send back? Any document or client had to plug in separate network with the internet?

NavidAlam by L3 Networker
  • 7377 Views
  • 8 replies
  • 0 Likes

Screenconnect App

Hi to all, this is Marco. I just update my 850 from PanOs 8.0.15 to 8.1.7.Now i can find in the APP list screenconnect.When i try to create a rule using screenconnect, the firewall tell me unknow-app.Keeping in mind that the destination addresses of screeconnect servers change often, please someone have some tips to help me ? Thanks indeed. Ciao...

User ID Agent: Connecting (The stub received bad data)

Hi Community, I have a problem with a User ID Agent issue.I'm sure it's not related to the Palo Alto software - more a microsoft thing, but maybe one of you guys experienced the same: User-ID Agent-Server: Windows Server 2012R2User ID Agent 8.1.8-3 We configured the User ID Agent in the morning and during the day, the Microsoft team did a domain...

Chacko42 by L4 Transporter
  • 5463 Views
  • 1 replies
  • 0 Likes

Rules Not Applying Appropriately

Hello everyone! Let me preface this discussion questionb by acknowleding that I've inherited a PAN configuration that I know has issues. With that said, I'm noticing that some devices do not get the correct policies applied when others that are in the same groups do. I'm going to ask a question that may be WAY too generic. If it is, please tel...

GCSS-RT by L2 Linker
  • 4932 Views
  • 5 replies
  • 0 Likes
  • 24394 Posts
  • 123 Subscriptions
Top Solution Authors
Labels