General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Learning center doesn´t work

Good Morning, I´m training in PaloAlto 8 Essential and today page doesn´t work. I Attach the error Server Error in Application. The specified network name is no longer available Please could you help me? Thanks.

E418949 by L0 Member
  • 3240 Views
  • 1 replies
  • 0 Likes

I can't decryption some web-site

Hi Expert , I was found an issue about after that applied decryption policy such as just facebook site but when access facebook occurs htps site restriction I don't have license URL and threat prevention Kindly please suggest to me.

Route daemon configuration load phase-1 aborted

Hello, I am getting "Route daemon configuration load phase-1 aborted" alarms under type-'Routing' , severity as 'Informational' and event as 'routed-config-p1-abort'. Why we have these alarms and what they're indicating? could someone provide details on this. Thanks

LCAP down on Passive Firewal

Hello team, In an HA environment, with pre-negotiation for LCAP disabled , but passive link state set to "Auto" in the HA configuration, if all physical interfaces show as up, is the AE (Aggregated Interface) supposed to be up or down, as the partner (Cisco Switch) is showing suspended on the LCAP interface.Also from PA the CLi is showing no pa...

Browsing Quota Time ?

I am coming from Forcepoint from a proxy perspective. My questions is, does the Palo Alto support user browsing policies, and user quota times ? I am looking to have some block list and white list created. I am also wanting to give certain users limited browsing time, i.e., about an hour of browsing time during working hours. Is this possble?

Resolved! Commit error in HA

Hello, We are using PA-VM with PAN-OS 8.1.6. When trying to enable the Heartbeat and HA1 backup, we cannot commit as it failed with this error. How to fix this issue?

CommitError.jpg

Security Profiles on Deny Rules

What is the best practice for adding security profiles to deny rules? I like to add the URL profile to deny rules so I can see what URLs are being denied. Who else adds security profiles to the deny rules and what benefit do you get? Has anyone had an issue with dataplane resources being consumed by using security profiles in deny rules? -Tha...

Cisco ASA and Palo Alto 820 with multiple Proxy-ID

Trying to replace a site to site VPN Cisco ASA firewall with Palo Alto PA-850. Cisco ASA on this side has multiple ACLs configured which is equivalent to Proxy-IDs. It is configued with IKEv1, policy based, no IKEv2. I do not have access to the firewall on the other side. I have multiple Proxy-IDs configured on the PA and matched with the exi...

Resolved! session_end_reason eq decrypt-error - 8.0.9

Attempting to decrypt inbound ssl traffic to our federation server. I have been unsuccessful and getting decrpyt error. We have been decrpyting other public servers in the same manner with individual certs succesfully for the past couple years. I have confirmed the cert is correct and cyphers are PA supported. Anyone have advice of what I could ...

clewis1 by L3 Networker
  • 25560 Views
  • 14 replies
  • 0 Likes

Firewall Throughput

We have a PA3050 in a very simple setup.1 outside interface and 2 inside interfaces (aggregated). A few times a week our clients complain about performance. During this time the firewall is generating 1Gb throughput (flat-line). However, the throughput on the 3 interfaces combined together wont reach the 500Mbit. Can someone explain what this t...

PA3050-Throughput.PNG
Sjoerd by L2 Linker
  • 4829 Views
  • 2 replies
  • 0 Likes

user-id

Hi Community, I am running PA local user-id agent in PAN os 8.1.3i am facing an issue that my server monitoring is shows as 'not-connected', i am able to test the authentication and proper service account is configured. it was working fine for long time and hope ther was some windows patch in AD server recently.when i capture in AD server, i am ...

Resolved! Server with public IP behind the firewall without Natting

We need to have a 1 server behind the firewall with public ip address.We do not want private ip on the server. Firewall - outside zoneServer is behind the DMZ_Zone. Currently DMZ has sub interface with private ip address so when traffic comes from internet it will hit he firewall and hit should redirect that to DMZ zone where server has public...

MP18 by Cyber Elite
  • 9335 Views
  • 3 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels