General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

DNS Proxy Configuration with VPN

Hi, I'm trying to route to some internal domain controllers for domain local DNS, and public DNS servers for everything else. This seems reasonably straight-forward except that when I specify the internal network IPs of the Domain DNS servers, they time out all requests for domain DNS when looking up via the Palo DNS proxy. All other DNS resolves...

Envisian by L0 Member
  • 3704 Views
  • 1 replies
  • 0 Likes

Server Response Inspection for HTTPS/VPN/Encrypted Protocols

Hello, we are experiencing slow/failed downloads and slow/failed file transfers over protocols like HTTPS, SSL, VPN. Like to hear some opinions regarding "Disable Server Response Inspection". Does PAN actually inspect encrypted sessions even though there is no SSL Decryption configured? For DSRI, usual deployments are Inbound traffic toward Publi...

Resolved! high management CPU

Good day community. We are using PAN 820 and the management CPU isn't stable for the last 3-4 days. It's going from 10-15% to 70-100% and stays like this for some time and this happens several times a day. So, the GUI interface is freezing and also I noticed that connection to internet is freezing too. So, speedtest shows a normal speed, while brows...

QoS Methods, Design & Configuration

I have a site that only has 5 megs of upload speed and it's constantly getting fully utilized. I know I should probably get more bandwidth from the ISP but that's simply not an option right now. Anyway, here is my goal. I would like to make the firewall perform strict allocations of guaranteed bandwidth for 3 different classes I have configured ...

Resolved! Deal Reg area single sign on error

Hello, so I've been trying to access the deal reg area on the "NextWave Partner Portal". The problem is that I'm always greeted by the following error: Is there some mailing address for these kinds of errors or generally speaking can I do something to fix this? Regards

iweltag by L2 Linker
  • 5442 Views
  • 3 replies
  • 0 Likes

aggressive-cleaning enable but still got disk usage email alert?

I have configured the command below but still got an email alert. model: PA-5050 sw-version: 8.0.9 -NGFW-1(active)> show system state | match aggressive-cleaning cfg.debug-sw-du.config: { 'aggressive-cleaning': True, } domain: 1 receive_time: 2019/04/29 05:03:23 serial: 002201001803 seqno: 6880362 actionflags: 0x8000000000000000 type: SYSTEM subtype...

MP18 by Cyber Elite
  • 8028 Views
  • 8 replies
  • 0 Likes

Resolved! IPSEC GUI shows green for both phase 1 and 2 - Need to restart the ipsec to ping across the ipsec

GUI shows both phase 1 and 2 up. Cannot ping LAN IP at vendor end. When I ping vendor LAN IP I see below ( description contains 'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 0.0.0.0/0 type IPv4_subnet protocol 0 port 0, received remote id: 192.168.46.32/28...

MP18 by Cyber Elite
  • 3535 Views
  • 2 replies
  • 0 Likes

Resolved! Route Monitoring. Possible FR?

Hi, I ran into an interesting requirement which (I believe) is not possible with the current path monitoring features for static routes. Here is my scenario... First let's just remove dynamic routing from the equation. For this specific use case dynamic routing isn't possible between R1, R2 and the PA. PA has a default route configured to R1. R1 i...

Require authentication via global protect when connecting to data center resources

In an attempt to secure connections to production resources, I would like to implement a policy that if you are for instance using SSMS to connect from one location to a database in the data center, that you first have to authenticate via global protect client using two factor authentication before you can connect to said resource. Any guidance ...

Resolved! IPSEC VPN from PA to Multiple devices - Using same crypto profiles?

We have PA running IPSEC to different remote sites. Each site has different Public and Private network. For each site I need to create tunnel interface and do the same config over and over. Say if I need ipsec to 15 sites then for each site I need to create separate tunnel interface, I understood that. Can I use the same ike and ipsec crypto for a...

MP18 by Cyber Elite
  • 3347 Views
  • 2 replies
  • 0 Likes

Certificate based authentication for iOS Microsoft Intune integration

Hi @gwesson, I have an issue in client based authentication for iOS devices. I have imported the client certificate in Windows and Android and it works; the same cert installed in iPhone shows an error: client certificate not found. Recently, I have seen the behaviour of client certificate installation has changed in iOS 12. Client certificate should be d...

Resolved! LDAP authentication failover

Hi Community, I have 2 Domain controllers serving user information. I have configured these 2 under same LDAP server profile. I am using this profile in authentication profile for GP. I configured 4s each for search and bind timeout under LDAP server profile. I need the user should be authenticated with second server when first one is down (it is th...

Resolved! Multiple vpns to the same peer

Hi, We have a requirement where-in we need to configure 2 vpn tunnels to the same remote peer. Also the remote end local ip address ranges are the same. Below is a quick explanation: Tunnel 1: MyPeerPublicIp = 1.1.1.1, RemotePeerPublicIp = 2.2.2.2, MylocalSubnets = 10.1.1.0/24, RemoteLocalSubnets = 10.2.1.0/24. Tunnel 2: MyPeerPublicIp = 1.1.1.1, RemotePeerPub...

adil.bgz by L1 Bithead
  • 22591 Views
  • 7 replies
  • 0 Likes

Resolved! how long phase 1 will show as red in web gui?

We have ipsec tunnel to vendor. Web GUI shows phase 1 as down and phase 2 as up. I can ping across the vendor network. Traffic is passing via tunnel, show vpn flow shows active. Need to know how long web GUI will show phase 1 is red? When will web GUI show phase 1 as green? Also from CLI below command does not show that phase 1 is down? show vpn ik...

MP18 by Cyber Elite
  • 3209 Views
  • 2 replies
  • 0 Likes

PA 5220 vsys HA Support

Hi, we have a pair of PA 5220 appliances currently running only the default vsys (vsys 0) in an HA (Active / Active) Setup. We would like to add additional vsys instances and also have each of the new instances running in a HA A/A Setup. Would the HSCI Port (currently configured for HA2 and HA3 HA A/A Traffic/Sessions support) as well as the HA1...

CarloMun by L0 Member
  • 4879 Views
  • 3 replies
  • 0 Likes