General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

syn without window-scale option

Hi community, 

i am trying to access a website from LAN side of palo alto, even though correct policy is configured, tcp handshake was not complete. after packet capture i am able to find below points

  •  client sending syn packet
  • but i am not able to get
...

Passive node strange behaviour matching rules

Hi,

 

We have a cluster in PanOS 8.1.2. Suddenly we were reported that several users didnt work properly. We went to the active node and saw this:

 

In order to solve quickly we decide to do a failover. After that i worked properly.

 

So we would like to k

...

rule.jpg
setrule.jpg
BigPalo by L4 Transporter
  • 1500 Views
  • 2 replies
  • 0 Likes

Global Protect not working after upgrade

Hi

 

I have upgraded my passive palo alto firewall to 7.1.20 post which global protect portal is not working.

 

I'm seeing SSL session cache request comming in from external source. But the webpage page cannot load after adding the exception.

 

Same works

...

Home internet acccess with 1gb but...

Hello,

 

Looking for suggestions and recommendation,  just got an offer from the ISP to upgrade the Internet speed to 1Gig down and 10Mbps up for a very good price.  Except I have a PA220, the spec is good for 500Mbps with AppID and 150Mbps with threat

...

Destination mac

I was having issues with DHCP being blocked, so I can a packet capture from the PA to see if I could tell was was blocking the DHCP traffic and if it could possbile be the PA. It shows the mac address of the interface on the PA as the source and then

...

jdprovine by L4 Transporter
  • 6405 Views
  • 20 replies
  • 0 Likes

Global protect with loopback ip address and port number

Hello all

We have one public IP address and two groups of users who must connect to Head Office but get different policies

We decide to use loopback ip address and NAT it to the public one but with different port (for example loopback ip 1.1.1.1 and pu

...

Radmin_85 by L4 Transporter
  • 4974 Views
  • 8 replies
  • 0 Likes

Is it secure ?

Hello all

We have configured GP REMOTE ACCESS VPN with OTP  authentication.

Ones we try to connect to Portal it failed to pass at the first time only second time.In Radius server we see that it tries to authenticate first the Ldap account then VPN acco

...

196a29e9-25ea-4d60-8419-89dec249898b.jpg
64670083-273b-46e3-a99e-f1db5b8ccf9d.jpg
Radmin_85 by L4 Transporter
  • 2317 Views
  • 3 replies
  • 0 Likes

Resolved! ha syn failure - url filtering

 

on passive PA we are seeing 

 

( description contains 'No synching file to peer because local state is not Active (Passive).' )

 

is this normal?

MP18 by Cyber Elite
  • 1815 Views
  • 2 replies
  • 0 Likes

Cannot Sync Running Config in HA active/passive

Hi All,

 

I have a PA3020 with 7.0.5-h2 PAN-os version.

I have tried different times to sync manually the running config on passive member without success.

 

I can clearly see from the Active Member's "ha_agent.log" these errors:

=========================

(

...

Resolved! MineMeld and Office 365

I've used MineMeld in the past and I've been very happy with all of it's functions.  Recently, I've started a new job and I've recommended MineMeld as a solution to get O365 IP's into the firewall for writing policy.  Microsoft announced on April 2nd

...

Resolved! Changing Firewall Rule Names (Security Policies)

I need to rename a whole bunch of firewall rules (Security Policies).

Ive done a search here and looked in the manual; I think I know the answer.

I can change Firewall / NAT rule names as needed? There will be nothing else I have to change right? This

...

choff123 by L3 Networker
  • 3864 Views
  • 3 replies
  • 0 Likes
  • 24182 Posts
  • 101 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels