General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Any pitfalls upgrading VM-100 to 9.0?

Hi, I have a VM-100 running the latest v8 under VMWare ESX 6.7. Should I expect any problems upgrading to v9? I have browsed the docs and found no red lights, but I just want to ask here in case I have overlooked something... regards Tor

PAN-OS recommendation

Dear All, Currently PA 5200 is running with PA-OS-8.0.13 and we are facing issues with the number of objects that we could create. Release notes of 9.0 provides a promising object count increase. Kindly provide a stable version of 9.0 and PoA to upgrade from 8.0 to the recommended version. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-...

Resolved! Is higher latency normal on a VM compared to hardware?

Hi All At home I run a PA-200, but I've been toying with the idea of moving to a VM (both lab-licences).. But whilst the VM runs WebUI runs 100x quicker, MGT interface is fine, but on the actual FW interface it has a much higher ping latency. When pinging a FW interface on my PA-200, I get average of 1-2ms response times, but on the VM, I see an...

projxit by L1 Bithead
  • 6667 Views
  • 1 replies
  • 0 Likes

Resolved! when doing commit from PA i get error

i am doing temp override on the PA so that managenet interface ip permitted list is as per panorama but when i do validcommit etails:vsys1Error: No PROXY_OPTOUT notify page defined in vsys1.

MP18 by Cyber Elite
  • 15518 Views
  • 12 replies
  • 0 Likes

Resolved! QoS Guaranteed Bandwidth question

We have a couple of tenants in our building and I was wanting to insure a guaranteed bandwidth of our 100 Mbs circuit for us regardless of what the tenants are doing. I was looking at something like this: I set all of our traffic to class 1 and all tenant traffic to class 2; create a QoS profile that sets class 1 with guaranteed bandwidth to 75 ...

Bvance by L2 Linker
  • 8603 Views
  • 4 replies
  • 0 Likes

querying regarding URL filtering profile

I had created a custom URL category (for specific tiny url let say *.tinyurl.com/) & in the url filtering profile I had opted for option to continue for this custom url category to make user acknowledge the action & log the event. but the caveat here is I see the user being going to the palo alto continue page but sometimes he can seamle...

Sanssj by L2 Linker
  • 4003 Views
  • 2 replies
  • 0 Likes

Resolved! Dataplane Limitations - When to use a router for intrazone vlan routing?

Hi,This is a question about when to use the firewall or a seperate core router to route traffic vor vlans in the same zone (intrazone).As this traffic does not need to be inspected, it should only be using the network layer and cpu of the dataplane. I tend to use the FW (simpler, more secure) but at which point would you recommend using a seper...

Scruffy by L1 Bithead
  • 5470 Views
  • 6 replies
  • 0 Likes

New NG PA implementation path URL

Hi all, we are replacing our aging ASA VPN with the new PA GlobalProtect. ASA has a path of someurl.com/path rather than just a default someurl.com. Makes it a bit harder for the bad guys to guess. Is PA capable of creating a path, rather than a default url? thank you in advance for the helpRegards

au_igs by L1 Bithead
  • 5208 Views
  • 5 replies
  • 0 Likes

Resolved! Palo Alto - Dynamic Updates

Hi I'm new to Palo Alto alto. but my company have several diffrent versions of Palo alto firewalls, some with direct support via palo alto PA-3050 where i have access to download the Dynaic updates directly. Plus some that we have support through a reseller that they need to download the updates and send to us as the firewalls don't have access ...

kev91234 by L1 Bithead
  • 5590 Views
  • 4 replies
  • 0 Likes

Resolved! Re-order BGP Import/Export Filters via CLI/API

Hi, I'm looking for a way to re-order BGP Import/Export filters via the CLI or via the API (preferrably CLI). I have not been able to find a set, move or edit command which does this and searching the API browser there doesnt seem to be a path that would be able to alter order of these rules. Is this even possible? Cheers

Resolved! Documentation bug? User-ID XML API has double closing tags

The XML API documentation for 7.1, 8.0, 8.1, and 9.0 appears to have an extra closing tag for the <uid-message> object. You can see it on the following pages: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-panorama-api/pan-os-xml-api-request-types/apply-user-id-mapping-and-populate-dynamic-address-groups-api.html https://docs.paloalt...

fjwcash by L4 Transporter
  • 3332 Views
  • 1 replies
  • 0 Likes

Proof Of Concept - Focus Points On Mid POC Call Before Final SLR

Hi community, I'm wondering what you guys like to focus on when running a Proof Of Concept with the nextgeneration firewall? For example, you are running a PoC in TAP mode for two weeks. At the half way mark you have a call with the customer to show them what kind of traffic and/or threats have been seen, usernames in the logs. Do you mainly foc...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels