General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! SSL inspection with Java applications

I have found that Java appears to use it's own certificate store which is causing me grief. Work around is to install our root CA within the Java control panel but this is not efficient for a large organization. Has anyone found a way to push root CA's to Java through GPO's or make Java use the Windows certificate store using GPO's? We have a ...

DIRTT by L2 Linker
  • 7674 Views
  • 3 replies
  • 0 Likes

extending vlan

Hi, I have two pa device , if . Both are in two differnet site . and I want to access the device in vlan10 from one site to another . How can i do that . vlan 10 ----fw1 --------------fw2---vlan 10 Thanks

simsim by L4 Transporter
  • 11057 Views
  • 13 replies
  • 0 Likes

Static route path monitoring

Hi All, We have PA-820 models with Active-Passive configuration. I have configured the static route path monitoring based on this guideline - https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/networking/static-routes/static-route-removal-based-on-path-monitoring.html Just would like to know, would there any impact in removing the stat...

ChiragP by L2 Linker
  • 6562 Views
  • 2 replies
  • 0 Likes

Problem with SIP traffic

Hello there! I have a problem with SIP traffic for VoIP. It is a HA cluster that has experienced that problem with the SIP traffic for phone calls. For a number of hours, SIP calls could not be made or received. Mismatches with the config between active and passive firewalls were found. Could that have been the cause for the problem with SIP tra...

URL Filtering Clarification

I have been wrestling with many people regarding URL filtering specified within the "Service/URL Category" tab of a security rule. First off I don't have a URL license. Let me continue... I have created a security rule that allows traffic to a URL (e.g. *.google.com). I create a custom URL Category and specified both *.google.com and google.c...

ScottF by L1 Bithead
  • 3304 Views
  • 1 replies
  • 0 Likes

Faulty Device - Config Wipeout

Hi Experts, We want to remove the configuration from the failure firewall before shipping faulty device back to PA. Since firewall isn’t booting up, we’d not be able to do “Factory Reset” to wipe out old config. We need to delete old configs. Can someone please assist

is Cluster possible?

Hi all, is quick question on above statement. is it possible to configure clusters with Palo Alto?I do not mean Active/Standby or Active/Active I was not able to find any documentation on this. if this is possible, could someone point me in this direction please?I want luck with Google/ KB site.thanks in advance

New Comer

Hi Im new to working with Palo Alto, and I im process of configuring a new Pa-820, I wanted a lttle infomation and help. 1) Do you have to create a return rule if you want the return traffic back from the destination back to your source address. Or will the firewall just allow the traffic if it recived the first packet from the source address. ...

kev91234 by L1 Bithead
  • 6193 Views
  • 6 replies
  • 0 Likes

Cannot add SNMP

Hi, I am trying to add Palo Alto firewalls to our monitoring system but one of our PA-220 is failing to be added. We use Panorama and PAN-OS 8.1.3. Any idea how to fix this issue?

SNMP.jpg

EDL HTTP response code said error

Hi, I am facing an issue where the External Dynamic List shows an error when tested by cli command "request system External-list show", the error is "HTTP response code said error", but whem the list is tested from any other device it is accessable and working fine, this list is a Domain list, and I dont think it is a bug as the list is not work...

Resolved! FTP_Passive_Antivirus_Profile_Performance

Hi Guys, quickDescription => paloAlto networks physical firewall and antivirus profile for FTP.Task => Using a script to get/put a file (few hundred kilobytes) from/to the FTP server every 100ms (ten times per second or 20 times per second) . The FTP server is behind paloalto. FTP mode = passive. Has someone tested or knows the performance...

Resolved! phase 1 up phase 2 down

( description contains 'IKE phase-1 negotiation is failed. Peer\'s ID payload 10.175.150.0 (type ipaddr) does not match a configured IKE gateway.' ) and ( description contains 'IKE phase-1 negotiation is failed as responder, main mode. Failed SA: 198.160.191.5[500]-173.182.112.167[500] cookie:5357205146f1b40c:a194d23cbec27a50. Due to timeout.' ...

MP18 by Cyber Elite
  • 12322 Views
  • 2 replies
  • 0 Likes

ALB Health Checks -> Palo Alto -> ALB

Trying to get the Palo Altos to register as healthy. Can anyone provide some assistance on NAT policies, or configurations for getting TCP 80 checks from ALB to Palo Altos to ALB which sits in front of two App servers? ALB (Palo Altos) |Palo Altos |ALB (App Servers) | App Servers

Resolved! IpSec VPN between Palo and Vyatta

Hi all, I try to configure an IPSec tunnel between PA-500 (version 7.1.4) and vyatta.Config seem to be ok, phase 1 is ok but nego for phase 2 is block in "No Proposal chosen". I select in phase 2 all possibility given by the palo. Any body already succeed to do that ?help .. please 🙂 Vincent

VinceM by L5 Sessionator
  • 9802 Views
  • 8 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels