General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Understaanding MSSP

Hello brothers,

 

Plz i really need your help, we have a big project with a big Service Provider, it's the MSSP, i know the concept but technically i don't know anything.

As i understood, the MSSP is a security as a service, the Service Provider host th

...

user activity ACC -CLI

Dears

 

I want to know the IP of this user "None",as per to a below image, through CLI ...Can I do?

 

Please feedback with the command or the way to know who it is ?

 

thanks

 

User Activity Log.png

commit status warning part II

Here is another interesting commit status dependency warning

 

"Rule 14 application dependency warning: Application ms-update requires ssl be allowed but ssl is denied in rule 15. " Why is an application in the rule above getting on a rule below it?

jdprovine by L4 Transporter
  • 1447 Views
  • 5 replies
  • 0 Likes

Resolved! gMSA integration with AD2016, creating computer account

I'm working with our AD admin, and we are trying to replace our DCAdmin account with a service account on our firewall. With AD2016, the MSA/gMSA accounts require that you link the account to a computer object.

 

I've seen in a couple documents that it

...

Resolved! Untagged L3 sub interfaces won't process traffic

Hi,

 

As described in following links we've configured multiple untagged sub interfaces all assigned to different vsys (different virtual routers and different zones) but with different IPs from the same network and the same VLAN:

 

https://live.paloalto

...

Source IP for SSL Forward Proxy in Virtual Wire Mode

Can someone tell me how to know/what would be the Source IP address for an SSL Tunnel Proxied from the PAN NGFW while running in Virtual Wire Mode ?

 

My topology is very simple:

 

User (Virtual Wire) ----> PAN ----> Internet

 

Does the Firewall initiate t

...

PA200 failed to discove rin SNMP server

Hi.

 

I have PA200 (PAN 7.0) device with snmpv2 enable but failed to discover in SNMP server.

When we did snmpwalk from server its giving message "No Such Object available on this agent at this OID".

Appreciate if some one can provide the exact cause of

...

karun44 by L0 Member
  • 1363 Views
  • 2 replies
  • 0 Likes

Resolved! New feature with active TP license

Hello,

 

We have a VM-100 Palo Alto at version 7.1.12 and we are looking to use the Palo Alto pre-defined Block lists.

 

The current Threat Protection license is using version  8001-4627 (04/06/18)  however the 2 pre-defined lists are not displaying in t

...

Farzana by L4 Transporter
  • 1490 Views
  • 1 replies
  • 0 Likes

Resolved! dmz design

Hi,

 

What is the benefit of having DMZ setup with two firewalls. 

 

If we have dmz setup with two firewalls ( I don't know this design is valid and adopted design, I found it  in the net ) 

 

If this is a valid design ,From local lan how the traffic flow

...

fw.png
simsim by L4 Transporter
  • 7017 Views
  • 26 replies
  • 0 Likes

Enforce Connection for Network Access

I want to see traffic over GP. In my understanding GP Portal configuration Enforce Connection for Network Access is Force networt traffic via Portal IP.  But it connected and not traffic registered under PA. 

Intermittent Aged-Out Traffic

I am hitting an issue where sessions are ending for the reason "aged-out".  Go figure the problem doesn't present itself readily when I have Support on the line.

 

The Setup: I have two ISPs.  One (I'll call it SummitNet) is an asymmetrical 30Mbps up /

...

Youtube Aged Out.PNG

ASA 5510 VPN

I want to replace a IKE1 VPN serviced by a ASA 5510 with a  IKE2 VPN serviced by the palo alto what i the best approach?

jdprovine by L4 Transporter
  • 3698 Views
  • 16 replies
  • 0 Likes

Cisco SFP+ Twinax Copper Cables to PA-5050

Hello.

Has anyone tried connecting Cisco SFP+ Twinax Copper Cables (sfp-h10gb-cu1m) to PA-5050 device? I've tried to find some info about it on PA KB but wasn't successful. Is there any document issued by PA listing all the supported 3rd party devices

...

santonic by L6 Presenter
  • 7723 Views
  • 6 replies
  • 0 Likes